Action not permitted
Modal body text goes here.
cve-2020-10687
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:11.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "name": "[cxf-dev] 20210129 Undertow CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c%40%3Cdev.cxf.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220210-0015/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Undertow", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Undertow 2.2.0.Final" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-10T09:06:52", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "name": "[cxf-dev] 20210129 Undertow CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c%40%3Cdev.cxf.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220210-0015/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10687", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Undertow", "version": { "version_data": [ { "version_value": "Undertow 2.2.0.Final" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "name": "[cxf-dev] 20210129 Undertow CVE", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20220210-0015/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220210-0015/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10687", "datePublished": "2020-09-23T12:30:43", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:06:11.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-10687\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-09-23T13:15:15.157\",\"lastModified\":\"2024-11-21T04:55:51.310\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un fallo en todas las versiones de Undertow versiones anteriores a Undertow 2.2.0.Final, donde el tr\u00e1fico malicioso de peticiones HTTP relacionado a CVE-2017-2666, es posible contra HTTP/1.x y HTTP/2 debido a que permite caracteres no v\u00e1lidos en una petici\u00f3n HTTP.\u0026#xa0;Este fallo permite a un atacante envenenar una cach\u00e9 web, llevar a cabo un ataque de tipo XSS y obtener informaci\u00f3n confidencial de una petici\u00f3n distinta a la suya\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"4368010B-9B8A-4327-9B6B-DBEA6465D793\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"B8423D7F-3A8F-4AD8-BF51-245C9D8DD816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"341E6313-20D5-44CB-9719-B20585DC5AD6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645A908C-18C2-4AB1-ACE7-3969E3A552A5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1785049\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c%40%3Cdev.cxf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220210-0015/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1785049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c%40%3Cdev.cxf.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220210-0015/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2020_3463
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3463", "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19410", "url": "https://issues.redhat.com/browse/JBEAP-19410" }, { "category": "external", "summary": "JBEAP-19411", "url": "https://issues.redhat.com/browse/JBEAP-19411" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3463.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:40+00:00", "generator": { "date": "2024-12-08T11:27:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3463", "initial_release_date": "2020-08-17T13:28:45+00:00", "revision_history": [ { "date": "2020-08-17T13:28:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product": { "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3638
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3638", "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19039", "url": "https://issues.redhat.com/browse/JBEAP-19039" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3638.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "tracking": { "current_release_date": "2024-12-08T11:28:23+00:00", "generator": { "date": "2024-12-08T11:28:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3638", "initial_release_date": "2020-09-07T12:58:33+00:00", "revision_history": [ { "date": "2020-09-07T12:58:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:58:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:28:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2021_0873
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)\n\n* wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)\n\n* jboss-ejb-client: wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)\n\n* guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0873", "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1905796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796" }, { "category": "external", "summary": "1906919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906919" }, { "category": "external", "summary": "1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "1923133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "category": "external", "summary": "1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, { "category": "external", "summary": "JBEAP-20336", "url": "https://issues.redhat.com/browse/JBEAP-20336" }, { "category": "external", "summary": "JBEAP-20628", "url": "https://issues.redhat.com/browse/JBEAP-20628" }, { "category": "external", "summary": "JBEAP-20672", "url": "https://issues.redhat.com/browse/JBEAP-20672" }, { "category": "external", "summary": "JBEAP-20694", "url": "https://issues.redhat.com/browse/JBEAP-20694" }, { "category": "external", "summary": "JBEAP-20695", "url": "https://issues.redhat.com/browse/JBEAP-20695" }, { "category": "external", "summary": "JBEAP-20716", "url": "https://issues.redhat.com/browse/JBEAP-20716" }, { "category": "external", "summary": "JBEAP-20762", "url": "https://issues.redhat.com/browse/JBEAP-20762" }, { "category": "external", "summary": "JBEAP-20791", "url": "https://issues.redhat.com/browse/JBEAP-20791" }, { "category": "external", "summary": "JBEAP-20795", "url": "https://issues.redhat.com/browse/JBEAP-20795" }, { "category": "external", "summary": "JBEAP-20802", "url": "https://issues.redhat.com/browse/JBEAP-20802" }, { "category": "external", "summary": "JBEAP-20805", "url": "https://issues.redhat.com/browse/JBEAP-20805" }, { "category": "external", "summary": "JBEAP-20815", "url": "https://issues.redhat.com/browse/JBEAP-20815" }, { "category": "external", "summary": "JBEAP-20816", "url": "https://issues.redhat.com/browse/JBEAP-20816" }, { "category": "external", "summary": "JBEAP-20883", "url": "https://issues.redhat.com/browse/JBEAP-20883" }, { "category": "external", "summary": "JBEAP-20887", "url": "https://issues.redhat.com/browse/JBEAP-20887" }, { "category": "external", "summary": "JBEAP-20908", "url": "https://issues.redhat.com/browse/JBEAP-20908" }, { "category": "external", "summary": "JBEAP-20918", "url": "https://issues.redhat.com/browse/JBEAP-20918" }, { "category": "external", "summary": "JBEAP-20941", "url": "https://issues.redhat.com/browse/JBEAP-20941" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0873.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update", "tracking": { "current_release_date": "2024-12-01T12:17:25+00:00", "generator": { "date": "2024-12-01T12:17:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0873", "initial_release_date": "2021-03-16T13:37:13+00:00", "revision_history": [ { "date": "2021-03-16T13:37:13+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-16T13:37:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-01T12:17:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.14-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.27-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "product_id": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-failureaccess@1.0.1-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.25-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.20-2.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.9.11-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.18-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.11-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.34-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.13-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-9.redhat_00019.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-5.Final_redhat_00006.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.39-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "product_id": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@30.1.0-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.6-1.GA_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.14-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-failureaccess@1.0.1-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.25-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.25-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.25-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.25-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.20-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.9.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.18-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.34-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.13-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-9.redhat_00019.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-5.Final_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.39-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava@30.1.0-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@30.1.0-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.6-1.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.6-1.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.6-1.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.6-1.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.6-1.GA_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-8908", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1906919" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: local information disclosure via temporary directory created with unsafe permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8908" }, { "category": "external", "summary": "RHBZ#1906919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8908", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908" } ], "release_date": "2020-09-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:37:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0873" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "guava: local information disclosure via temporary directory created with unsafe permissions" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:37:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0873" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "cve": "CVE-2020-28052", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1912881" } ], "notes": [ { "category": "description", "text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28052" }, { "category": "external", "summary": "RHBZ#1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28052" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052" } ], "release_date": "2020-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:37:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "category": "workaround", "details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible" }, { "cve": "CVE-2020-35510", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1905796" } ], "notes": [ { "category": "description", "text": "A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35510" }, { "category": "external", "summary": "RHBZ#1905796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35510", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510" } ], "release_date": "2020-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:37:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0873" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client" }, { "cve": "CVE-2021-20220", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-01-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1923133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Possible regression in fix for CVE-2020-10687", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20220" }, { "category": "external", "summary": "RHBZ#1923133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20220", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20220" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220" } ], "release_date": "2021-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:37:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0873" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Possible regression in fix for CVE-2020-10687" }, { "cve": "CVE-2021-20250", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1929479" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20250" }, { "category": "external", "summary": "RHBZ#1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20250", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20250" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:37:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0873" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client" } ] }
rhsa-2021_0885
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)\n\n* wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)\n\n* jboss-ejb-client: wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)\n\n* guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0885", "url": "https://access.redhat.com/errata/RHSA-2021:0885" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1905796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796" }, { "category": "external", "summary": "1906919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906919" }, { "category": "external", "summary": "1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "1923133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "category": "external", "summary": "1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, { "category": "external", "summary": "JBEAP-20336", "url": "https://issues.redhat.com/browse/JBEAP-20336" }, { "category": "external", "summary": "JBEAP-20628", "url": "https://issues.redhat.com/browse/JBEAP-20628" }, { "category": "external", "summary": "JBEAP-20672", "url": "https://issues.redhat.com/browse/JBEAP-20672" }, { "category": "external", "summary": "JBEAP-20694", "url": "https://issues.redhat.com/browse/JBEAP-20694" }, { "category": "external", "summary": "JBEAP-20695", "url": "https://issues.redhat.com/browse/JBEAP-20695" }, { "category": "external", "summary": "JBEAP-20762", "url": "https://issues.redhat.com/browse/JBEAP-20762" }, { "category": "external", "summary": "JBEAP-20791", "url": "https://issues.redhat.com/browse/JBEAP-20791" }, { "category": "external", "summary": "JBEAP-20795", "url": "https://issues.redhat.com/browse/JBEAP-20795" }, { "category": "external", "summary": "JBEAP-20802", "url": "https://issues.redhat.com/browse/JBEAP-20802" }, { "category": "external", "summary": "JBEAP-20805", "url": "https://issues.redhat.com/browse/JBEAP-20805" }, { "category": "external", "summary": "JBEAP-20815", "url": "https://issues.redhat.com/browse/JBEAP-20815" }, { "category": "external", "summary": "JBEAP-20816", "url": "https://issues.redhat.com/browse/JBEAP-20816" }, { "category": "external", "summary": "JBEAP-20883", "url": "https://issues.redhat.com/browse/JBEAP-20883" }, { "category": "external", "summary": "JBEAP-20887", "url": "https://issues.redhat.com/browse/JBEAP-20887" }, { "category": "external", "summary": "JBEAP-20908", "url": "https://issues.redhat.com/browse/JBEAP-20908" }, { "category": "external", "summary": "JBEAP-20918", "url": "https://issues.redhat.com/browse/JBEAP-20918" }, { "category": "external", "summary": "JBEAP-20941", "url": "https://issues.redhat.com/browse/JBEAP-20941" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0885.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update", "tracking": { "current_release_date": "2024-12-01T12:17:04+00:00", "generator": { "date": "2024-12-01T12:17:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0885", "initial_release_date": "2021-03-16T13:19:20+00:00", "revision_history": [ { "date": "2021-03-16T13:19:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-16T13:19:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-01T12:17:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-8908", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1906919" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: local information disclosure via temporary directory created with unsafe permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8908" }, { "category": "external", "summary": "RHBZ#1906919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8908", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908" } ], "release_date": "2020-09-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:19:20+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0885" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "guava: local information disclosure via temporary directory created with unsafe permissions" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:19:20+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0885" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "cve": "CVE-2020-28052", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1912881" } ], "notes": [ { "category": "description", "text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28052" }, { "category": "external", "summary": "RHBZ#1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28052" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052" } ], "release_date": "2020-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:19:20+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0885" }, { "category": "workaround", "details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible" }, { "cve": "CVE-2020-35510", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1905796" } ], "notes": [ { "category": "description", "text": "A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35510" }, { "category": "external", "summary": "RHBZ#1905796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35510", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510" } ], "release_date": "2020-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:19:20+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0885" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client" }, { "cve": "CVE-2021-20220", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-01-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1923133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Possible regression in fix for CVE-2020-10687", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20220" }, { "category": "external", "summary": "RHBZ#1923133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20220", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20220" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220" } ], "release_date": "2021-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:19:20+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0885" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Possible regression in fix for CVE-2020-10687" }, { "cve": "CVE-2021-20250", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1929479" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20250" }, { "category": "external", "summary": "RHBZ#1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20250", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20250" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:19:20+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0885" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client" } ] }
rhsa-2020_3192
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A minor version update (from 7.6 to 7.7) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat Fuse 7.7.0 serves as a replacement for Red Hat Fuse 7.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3192", "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.7.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "category": "external", "summary": "1343616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616" }, { "category": "external", "summary": "1620529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620529" }, { "category": "external", "summary": "1632452", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632452" }, { "category": "external", "summary": "1637492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637492" }, { "category": "external", "summary": "1638391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1638391" }, { "category": "external", "summary": "1697598", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1697598" }, { "category": "external", "summary": "1700016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700016" }, { "category": "external", "summary": "1713468", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713468" }, { "category": "external", "summary": "1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "1728604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728604" }, { "category": "external", "summary": "1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "1755831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831" }, { "category": "external", "summary": "1755849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849" }, { "category": "external", "summary": "1758167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167" }, { "category": "external", "summary": "1758171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171" }, { "category": "external", "summary": "1758182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182" }, { "category": "external", "summary": "1758187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187" }, { "category": "external", "summary": "1758191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191" }, { "category": "external", "summary": "1764658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764658" }, { "category": "external", "summary": "1767483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483" }, { "category": "external", "summary": "1772464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464" }, { "category": "external", "summary": "1775293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293" }, { "category": "external", "summary": "1793154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793154" }, { "category": "external", "summary": "1796225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225" }, { "category": "external", "summary": "1797011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011" }, { "category": "external", "summary": "1798509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509" }, { "category": "external", "summary": "1798524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524" }, { "category": "external", "summary": "1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "1815212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815212" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1819208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208" }, { "category": "external", "summary": "1819212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212" }, { "category": "external", "summary": "1821304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304" }, { "category": "external", "summary": "1821311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311" }, { "category": "external", "summary": "1821315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315" }, { "category": "external", "summary": "1826798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798" }, { "category": "external", "summary": "1826805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805" }, { "category": "external", "summary": "1848958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848958" }, { "category": "external", "summary": "1848960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848960" }, { "category": "external", "summary": "1848962", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848962" }, { "category": "external", "summary": "1848966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848966" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3192.json" } ], "title": "Red Hat Security Advisory: Red Hat Fuse 7.7.0 release and security update", "tracking": { "current_release_date": "2024-12-08T11:16:01+00:00", "generator": { "date": "2024-12-08T11:16:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3192", "initial_release_date": "2020-07-28T15:54:02+00:00", "revision_history": [ { "date": "2020-07-28T15:54:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-07-28T15:54:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:16:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Fuse 7.7.0", "product": { "name": "Red Hat Fuse 7.7.0", "product_id": "Red Hat Fuse 7.7.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Fuse" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-4970", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2016-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1343616" } ], "notes": [ { "category": "description", "text": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4970" }, { "category": "external", "summary": "RHBZ#1343616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4970", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4970" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4970", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4970" } ], "release_date": "2016-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl" }, { "cve": "CVE-2018-3831", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-09-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1632452" } ], "notes": [ { "category": "description", "text": "Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.", "title": "Vulnerability description" }, { "category": "summary", "text": "elasticsearch: Information exposure via _cluster/settings API", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact Moderate, and is not currently planned to be addressed in future updates.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-3831" }, { "category": "external", "summary": "RHBZ#1632452", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632452" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3831", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3831" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3831", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3831" } ], "release_date": "2018-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "elasticsearch: Information exposure via _cluster/settings API" }, { "cve": "CVE-2018-11797", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2018-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1637492" } ], "notes": [ { "category": "description", "text": "In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.", "title": "Vulnerability description" }, { "category": "summary", "text": "pdfbox: unbounded computation in parser resulting in a denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-11797" }, { "category": "external", "summary": "RHBZ#1637492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-11797", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11797" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E", "url": "https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E" } ], "release_date": "2018-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pdfbox: unbounded computation in parser resulting in a denial of service" }, { "cve": "CVE-2018-12541", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2018-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1638391" } ], "notes": [ { "category": "description", "text": "In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.", "title": "Vulnerability description" }, { "category": "summary", "text": "vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12541" }, { "category": "external", "summary": "RHBZ#1638391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1638391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12541", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12541" } ], "release_date": "2018-10-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake" }, { "cve": "CVE-2018-1000632", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2018-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1620529" } ], "notes": [ { "category": "description", "text": "dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000632" }, { "category": "external", "summary": "RHBZ#1620529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620529" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000632", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000632", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000632" } ], "release_date": "2018-07-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents" }, { "cve": "CVE-2019-0231", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2019-04-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1700016" } ], "notes": [ { "category": "description", "text": "A cryptographic protocol integrity flaw was discovered in Apache Mina. The closure of a TLS session would not always result in closure of the socket, allowing the conversation to continue in clear text. This could undermine the confidentiality of a connection and potentially disclose sensitive information to third-party attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat OpenStack Platform\u0027s OpenDaylight versions 8-10 contain the vulnerable code. However, these OpenDaylight versions were released as technical preview with limited support and will therefore not be updated. Other OpenDaylight versions do not contain the vulnerable library.\n\n* This issue affects the version of apache-mina shipped with Red Hat Gluster Storage 3, as it contains the vulnerable functionality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0231" }, { "category": "external", "summary": "RHBZ#1700016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700016" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0231", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0231" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0231", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0231" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2019/04/14/1", "url": "https://www.openwall.com/lists/oss-security/2019/04/14/1" } ], "release_date": "2019-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure." }, { "cve": "CVE-2019-3797", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1697598" } ], "notes": [ { "category": "description", "text": "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates \u2018startingWith\u2019, \u2018endingWith\u2019 or \u2018containing\u2019 could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-data-jpa: Additional information exposure with Spring Data JPA derived queries", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-3797" }, { "category": "external", "summary": "RHBZ#1697598", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1697598" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-3797", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3797" } ], "release_date": "2019-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "spring-data-jpa: Additional information exposure with Spring Data JPA derived queries" }, { "cve": "CVE-2019-9511", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741860" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: large amount of data requests leads to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9511" }, { "category": "external", "summary": "RHBZ#1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: large amount of data requests leads to denial of service" }, { "cve": "CVE-2019-9827", "cwe": { "id": "CWE-602", "name": "Client-Side Enforcement of Server-Side Security" }, "discovery_date": "2019-07-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1728604" } ], "notes": [ { "category": "description", "text": "Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "hawtio: server side request forgery via initial /proxy/ substring of a URI", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9827" }, { "category": "external", "summary": "RHBZ#1728604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728604" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9827", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9827" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9827", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9827" } ], "release_date": "2019-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hawtio: server side request forgery via initial /proxy/ substring of a URI" }, { "cve": "CVE-2019-10086", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-10-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1767483" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10086" }, { "category": "external", "summary": "RHBZ#1767483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086" }, { "category": "external", "summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt", "url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt" } ], "release_date": "2019-08-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default" }, { "acknowledgments": [ { "names": [ "Brian Stansberry" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-10172", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1715075" } ], "notes": [ { "category": "description", "text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10172" }, { "category": "external", "summary": "RHBZ#1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720" }, { "cve": "CVE-2019-12086", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-05-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1713468" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12086" }, { "category": "external", "summary": "RHBZ#1713468", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713468" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12086", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086" } ], "release_date": "2019-05-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server." }, { "cve": "CVE-2019-12400", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-08-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1764658" } ], "notes": [ { "category": "description", "text": "In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.", "title": "Vulnerability description" }, { "category": "summary", "text": "xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12400" }, { "category": "external", "summary": "RHBZ#1764658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764658" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12400", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12400" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12400", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12400" } ], "release_date": "2019-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source" }, { "cve": "CVE-2019-12419", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816175" } ], "notes": [ { "category": "description", "text": "A flaw was found in cxf in versions prior to 3.2.11 and 3.3.4. The access token services do not properly validate that an authenticated principal is equal to that of the supplied clientId parameter allowing a malicious client to use an authorization code that has been issued to a different client as their own. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: OpenId Connect token service does not properly validate the clientId", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Logging the openshift-logging/elasticsearch6-rhel8 container bundles the vulnerable version of apache-cxf, but the vulnerable class is not shipped, hence this component is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12419" }, { "category": "external", "summary": "RHBZ#1816175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816175" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12419", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12419" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12419", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12419" } ], "release_date": "2019-11-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "cxf: OpenId Connect token service does not properly validate the clientId" }, { "cve": "CVE-2019-14540", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1755849" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14540" }, { "category": "external", "summary": "RHBZ#1755849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540" } ], "release_date": "2019-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig" }, { "acknowledgments": [ { "names": [ "Henning Baldersheim", "H\u00e5vard Pettersen" ], "organization": "Verizon Media" } ], "cve": "CVE-2019-14888", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1772464" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14888" }, { "category": "external", "summary": "RHBZ#1772464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14888" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888" } ], "release_date": "2020-01-20T12:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS" }, { "cve": "CVE-2019-14892", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758171" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package", "title": "Vulnerability summary" }, { "category": "other", "text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14892" }, { "category": "external", "summary": "RHBZ#1758171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892" } ], "release_date": "2019-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package" }, { "cve": "CVE-2019-14893", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758182" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in classes of the xalan package", "title": "Vulnerability summary" }, { "category": "other", "text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14893" }, { "category": "external", "summary": "RHBZ#1758182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893" } ], "release_date": "2019-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in classes of the xalan package" }, { "cve": "CVE-2019-16335", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1755831" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16335" }, { "category": "external", "summary": "RHBZ#1755831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335" } ], "release_date": "2019-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource" }, { "cve": "CVE-2019-16942", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758187" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*", "title": "Vulnerability summary" }, { "category": "other", "text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16942" }, { "category": "external", "summary": "RHBZ#1758187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942" } ], "release_date": "2019-09-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*" }, { "cve": "CVE-2019-16943", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758191" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16943" }, { "category": "external", "summary": "RHBZ#1758191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943" } ], "release_date": "2019-09-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource" }, { "cve": "CVE-2019-17267", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758167" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in classes of the ehcache package", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17267" }, { "category": "external", "summary": "RHBZ#1758167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267" } ], "release_date": "2019-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in classes of the ehcache package" }, { "cve": "CVE-2019-17531", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-11-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1775293" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*", "title": "Vulnerability summary" }, { "category": "other", "text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17531" }, { "category": "external", "summary": "RHBZ#1775293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531" } ], "release_date": "2019-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*" }, { "cve": "CVE-2019-17573", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1797011" } ], "notes": [ { "category": "description", "text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf: reflected XSS in the services listing page", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17573" }, { "category": "external", "summary": "RHBZ#1797011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797011" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17573", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17573" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17573" } ], "release_date": "2020-01-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "Mitigate this flaw by disabling the service listing altogether; via setting the \"hide-service-list-page\" servlet parameter to \"true\".", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cxf: reflected XSS in the services listing page" }, { "cve": "CVE-2019-20330", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793154" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: lacks certain net.sf.ehcache blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20330" }, { "category": "external", "summary": "RHBZ#1793154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793154" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20330", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330" } ], "release_date": "2020-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: lacks certain net.sf.ehcache blocking" }, { "cve": "CVE-2019-20444", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798524" } ], "notes": [ { "category": "description", "text": "A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not pose a substantial practical threat to ElasticSearch 6. We agree that these issues would be difficult to exploit on OpenShift Container Platform so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20444" }, { "category": "external", "summary": "RHBZ#1798524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20444", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444" }, { "category": "external", "summary": "https://github.com/elastic/elasticsearch/issues/49396", "url": "https://github.com/elastic/elasticsearch/issues/49396" } ], "release_date": "2020-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HTTP request smuggling" }, { "cve": "CVE-2019-20445", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798509" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20445" }, { "category": "external", "summary": "RHBZ#1798509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20445", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445" } ], "release_date": "2020-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header" }, { "acknowledgments": [ { "names": [ "Steve Zapantis", "Robert Roberson", "taktakdb4g" ] } ], "cve": "CVE-2020-1745", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807305" } ], "notes": [ { "category": "description", "text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: AJP File Read/Inclusion Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1745" }, { "category": "external", "summary": "RHBZ#1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745" }, { "category": "external", "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "category": "external", "summary": "https://www.cnvd.org.cn/webinfo/show/5415", "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "category": "external", "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: AJP File Read/Inclusion Vulnerability" }, { "acknowledgments": [ { "names": [ "Fedorov Oleksii", "Keitaro Yamazaki", "Shiga Ryota" ], "organization": "LINE Corporation" } ], "cve": "CVE-2020-1757", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1752770" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1757" }, { "category": "external", "summary": "RHBZ#1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" } ], "release_date": "2018-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath via setting \"alwaysUseFullPath\".", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass" }, { "cve": "CVE-2020-1953", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-03-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815212" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. If a YAML file was loaded from an untrusted source, it could load and execute code out of the control of the host application.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-configuration: uncontrolled class instantiation when loading YAML files", "title": "Vulnerability summary" }, { "category": "other", "text": "Several packages are unaffected because they do not include support for YAML configurations:\n* `apache-commons-configuration` as shipped with Red Hat Enterprise Linux 7\n* `apache-commons-configuration` as shipped with Red Hat Enterprise Virtualization\n* `rh-maven35-apache-commons-configuration` as shipped with Red Hat Software Collections\n* `commons-configuration` as shipped with Red Hat Gluster Storage", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1953" }, { "category": "external", "summary": "RHBZ#1815212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1953", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1953" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1953" }, { "category": "external", "summary": "https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641", "url": "https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E", "url": "https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E" } ], "release_date": "2020-03-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "There is currently no mitigation available for this vulnerability.", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-commons-configuration: uncontrolled class instantiation when loading YAML files" }, { "cve": "CVE-2020-7238", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796225" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7238" }, { "category": "external", "summary": "RHBZ#1796225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7238", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7238" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238" }, { "category": "external", "summary": "https://netty.io/news/2019/12/18/4-1-44-Final.html", "url": "https://netty.io/news/2019/12/18/4-1-44-Final.html" } ], "release_date": "2020-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "cve": "CVE-2020-10968", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819208" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10968" }, { "category": "external", "summary": "RHBZ#1819208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10968", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968" } ], "release_date": "2020-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider" }, { "cve": "CVE-2020-10969", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819212" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10969" }, { "category": "external", "summary": "RHBZ#1819212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10969", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969" } ], "release_date": "2020-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane" }, { "cve": "CVE-2020-11111", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821304" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11111" }, { "category": "external", "summary": "RHBZ#1821304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11111", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2664", "url": "https://github.com/FasterXML/jackson-databind/issues/2664" } ], "release_date": "2020-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory" }, { "cve": "CVE-2020-11112", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821311" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11112" }, { "category": "external", "summary": "RHBZ#1821311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11112", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2666", "url": "https://github.com/FasterXML/jackson-databind/issues/2666" } ], "release_date": "2020-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider" }, { "cve": "CVE-2020-11113", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821315" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11113" }, { "category": "external", "summary": "RHBZ#1821315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11113", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2670", "url": "https://github.com/FasterXML/jackson-databind/issues/2670" } ], "release_date": "2020-03-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime" }, { "cve": "CVE-2020-11619", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1826805" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.springframework:spring-aop", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11619" }, { "category": "external", "summary": "RHBZ#1826805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11619", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619" } ], "release_date": "2020-04-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.springframework:spring-aop" }, { "cve": "CVE-2020-11620", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1826798" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11620" }, { "category": "external", "summary": "RHBZ#1826798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11620", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620" } ], "release_date": "2020-04-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly" }, { "cve": "CVE-2020-14060", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848960" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14060" }, { "category": "external", "summary": "RHBZ#1848960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848960" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14060", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14060", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14060" } ], "release_date": "2020-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* oadd.org.apache.xalan.lib.sql.JNDIConnectionPool in classpath", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool" }, { "cve": "CVE-2020-14061", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848966" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: serialization in weblogic/oracle-aqjms", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14061" }, { "category": "external", "summary": "RHBZ#1848966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848966" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14061", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14061", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14061" } ], "release_date": "2020-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* oracle.jms.AQjms*ConnectionFactory in classpath", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: serialization in weblogic/oracle-aqjms" }, { "cve": "CVE-2020-14062", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848962" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14062" }, { "category": "external", "summary": "RHBZ#1848962", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848962" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14062", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14062", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14062" } ], "release_date": "2020-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool in classpath", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool" }, { "cve": "CVE-2020-14195", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-06-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848958" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 and Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nThe version of jackson-databind as shipped in Red Hat Software Collections rh-maven35 is used only while building maven, thus it does not deserialize data coming from untrusted sources, lowering the impact of the vulnerability for the Product.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14195" }, { "category": "external", "summary": "RHBZ#1848958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14195", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14195" } ], "release_date": "2020-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-28T15:54:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.7.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/", "product_ids": [ "Red Hat Fuse 7.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* enableDefaultTyping()\n* @JsonTypeInfo using id.CLASS or id.MINIMAL_CLASS\n* org.jsecurity.realm.jndi.JndiRealmFactory in classpath", "product_ids": [ "Red Hat Fuse 7.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory" } ] }
rhsa-2020_3501
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* keycloak: security headers missing on REST endpoints (CVE-2020-1728)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3501", "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3501.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:58+00:00", "generator": { "date": "2024-12-08T11:27:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3501", "initial_release_date": "2020-08-18T16:34:33+00:00", "revision_history": [ { "date": "2020-08-18T16:34:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-18T16:34:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.4.2", "product": { "name": "Red Hat Single Sign-On 7.4.2", "product_id": "Red Hat Single Sign-On 7.4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1728", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u2019s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security headers missing on REST endpoints", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1728" }, { "category": "external", "summary": "RHBZ#1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: security headers missing on REST endpoints" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "acknowledgments": [ { "names": [ "Matt Hamilton" ], "organization": "Soluble.ai" } ], "cve": "CVE-2020-10758", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1843849" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10758" }, { "category": "external", "summary": "RHBZ#1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758" } ], "release_date": "2020-08-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands=\u0027/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload\u0027", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2021_0872
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)\n\n* wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)\n\n* jboss-ejb-client: wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)\n\n* guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0872", "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1905796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796" }, { "category": "external", "summary": "1906919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906919" }, { "category": "external", "summary": "1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "1923133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "category": "external", "summary": "1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, { "category": "external", "summary": "JBEAP-20336", "url": "https://issues.redhat.com/browse/JBEAP-20336" }, { "category": "external", "summary": "JBEAP-20628", "url": "https://issues.redhat.com/browse/JBEAP-20628" }, { "category": "external", "summary": "JBEAP-20672", "url": "https://issues.redhat.com/browse/JBEAP-20672" }, { "category": "external", "summary": "JBEAP-20694", "url": "https://issues.redhat.com/browse/JBEAP-20694" }, { "category": "external", "summary": "JBEAP-20695", "url": "https://issues.redhat.com/browse/JBEAP-20695" }, { "category": "external", "summary": "JBEAP-20715", "url": "https://issues.redhat.com/browse/JBEAP-20715" }, { "category": "external", "summary": "JBEAP-20762", "url": "https://issues.redhat.com/browse/JBEAP-20762" }, { "category": "external", "summary": "JBEAP-20791", "url": "https://issues.redhat.com/browse/JBEAP-20791" }, { "category": "external", "summary": "JBEAP-20795", "url": "https://issues.redhat.com/browse/JBEAP-20795" }, { "category": "external", "summary": "JBEAP-20802", "url": "https://issues.redhat.com/browse/JBEAP-20802" }, { "category": "external", "summary": "JBEAP-20805", "url": "https://issues.redhat.com/browse/JBEAP-20805" }, { "category": "external", "summary": "JBEAP-20815", "url": "https://issues.redhat.com/browse/JBEAP-20815" }, { "category": "external", "summary": "JBEAP-20816", "url": "https://issues.redhat.com/browse/JBEAP-20816" }, { "category": "external", "summary": "JBEAP-20883", "url": "https://issues.redhat.com/browse/JBEAP-20883" }, { "category": "external", "summary": "JBEAP-20887", "url": "https://issues.redhat.com/browse/JBEAP-20887" }, { "category": "external", "summary": "JBEAP-20908", "url": "https://issues.redhat.com/browse/JBEAP-20908" }, { "category": "external", "summary": "JBEAP-20918", "url": "https://issues.redhat.com/browse/JBEAP-20918" }, { "category": "external", "summary": "JBEAP-20941", "url": "https://issues.redhat.com/browse/JBEAP-20941" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0872.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update", "tracking": { "current_release_date": "2024-12-01T12:17:10+00:00", "generator": { "date": "2024-12-01T12:17:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0872", "initial_release_date": "2021-03-16T13:41:30+00:00", "revision_history": [ { "date": "2021-03-16T13:41:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-16T13:41:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-01T12:17:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.14-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.27-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "product_id": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-failureaccess@1.0.1-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.25-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.20-2.SP1_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.9.11-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.18-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.11-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.34-1.SP1_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.13-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.39-1.SP1_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-5.Final_redhat_00006.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "product": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "product_id": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-9.redhat_00019.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "product": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "product_id": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.6-1.GA_redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "product_id": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@30.1.0-1.redhat_00001.1.el6eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.14-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.27-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-failureaccess@1.0.1-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.25-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.25-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.25-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.25-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.20-2.SP1_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.9.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.18-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.34-1.SP1_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.13-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.39-1.SP1_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-5.Final_redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-9.redhat_00019.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.6-1.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.6-1.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.6-1.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava@30.1.0-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@30.1.0-1.redhat_00001.1.el6eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src" }, "product_reference": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-8908", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1906919" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: local information disclosure via temporary directory created with unsafe permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8908" }, { "category": "external", "summary": "RHBZ#1906919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8908", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908" } ], "release_date": "2020-09-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:41:30+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0872" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "guava: local information disclosure via temporary directory created with unsafe permissions" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:41:30+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0872" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "cve": "CVE-2020-28052", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1912881" } ], "notes": [ { "category": "description", "text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28052" }, { "category": "external", "summary": "RHBZ#1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28052" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052" } ], "release_date": "2020-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:41:30+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "category": "workaround", "details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible" }, { "cve": "CVE-2020-35510", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1905796" } ], "notes": [ { "category": "description", "text": "A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35510" }, { "category": "external", "summary": "RHBZ#1905796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35510", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510" } ], "release_date": "2020-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:41:30+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0872" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client" }, { "cve": "CVE-2021-20220", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-01-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1923133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Possible regression in fix for CVE-2020-10687", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20220" }, { "category": "external", "summary": "RHBZ#1923133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20220", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20220" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220" } ], "release_date": "2021-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:41:30+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0872" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Possible regression in fix for CVE-2020-10687" }, { "cve": "CVE-2021-20250", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1929479" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20250" }, { "category": "external", "summary": "RHBZ#1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20250", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20250" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:41:30+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0872" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client" } ] }
rhsa-2020_3462
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3462", "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19410", "url": "https://issues.redhat.com/browse/JBEAP-19410" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3462.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:31+00:00", "generator": { "date": "2024-12-08T11:27:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3462", "initial_release_date": "2020-08-17T13:28:06+00:00", "revision_history": [ { "date": "2020-08-17T13:28:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3464
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3464", "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3464.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:49+00:00", "generator": { "date": "2024-12-08T11:27:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3464", "initial_release_date": "2020-08-17T13:25:19+00:00", "revision_history": [ { "date": "2020-08-17T13:25:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:25:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3642
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3642", "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3642.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "tracking": { "current_release_date": "2024-12-08T11:28:43+00:00", "generator": { "date": "2024-12-08T11:28:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3642", "initial_release_date": "2020-09-07T13:05:33+00:00", "revision_history": [ { "date": "2020-09-07T13:05:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T13:05:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:28:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3639
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3639", "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19040", "url": "https://issues.redhat.com/browse/JBEAP-19040" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3639.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "tracking": { "current_release_date": "2024-12-08T11:28:33+00:00", "generator": { "date": "2024-12-08T11:28:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3639", "initial_release_date": "2020-09-07T12:58:06+00:00", "revision_history": [ { "date": "2020-09-07T12:58:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:58:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:28:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3461
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3461", "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19409", "url": "https://issues.redhat.com/browse/JBEAP-19409" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3461.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:20+00:00", "generator": { "date": "2024-12-08T11:27:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3461", "initial_release_date": "2020-08-17T13:28:01+00:00", "revision_history": [ { "date": "2020-08-17T13:28:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" ], "known_not_affected": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3637
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3637", "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19038", "url": "https://issues.redhat.com/browse/JBEAP-19038" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3637.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "tracking": { "current_release_date": "2024-12-08T11:28:15+00:00", "generator": { "date": "2024-12-08T11:28:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3637", "initial_release_date": "2020-09-07T12:57:26+00:00", "revision_history": [ { "date": "2020-09-07T12:57:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:57:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:28:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2021_0874
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)\n\n* wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)\n\n* jboss-ejb-client: wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)\n\n* guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0874", "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1905796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796" }, { "category": "external", "summary": "1906919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906919" }, { "category": "external", "summary": "1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "1923133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "category": "external", "summary": "1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, { "category": "external", "summary": "JBEAP-20336", "url": "https://issues.redhat.com/browse/JBEAP-20336" }, { "category": "external", "summary": "JBEAP-20628", "url": "https://issues.redhat.com/browse/JBEAP-20628" }, { "category": "external", "summary": "JBEAP-20672", "url": "https://issues.redhat.com/browse/JBEAP-20672" }, { "category": "external", "summary": "JBEAP-20694", "url": "https://issues.redhat.com/browse/JBEAP-20694" }, { "category": "external", "summary": "JBEAP-20695", "url": "https://issues.redhat.com/browse/JBEAP-20695" }, { "category": "external", "summary": "JBEAP-20717", "url": "https://issues.redhat.com/browse/JBEAP-20717" }, { "category": "external", "summary": "JBEAP-20762", "url": "https://issues.redhat.com/browse/JBEAP-20762" }, { "category": "external", "summary": "JBEAP-20791", "url": "https://issues.redhat.com/browse/JBEAP-20791" }, { "category": "external", "summary": "JBEAP-20795", "url": "https://issues.redhat.com/browse/JBEAP-20795" }, { "category": "external", "summary": "JBEAP-20802", "url": "https://issues.redhat.com/browse/JBEAP-20802" }, { "category": "external", "summary": "JBEAP-20805", "url": "https://issues.redhat.com/browse/JBEAP-20805" }, { "category": "external", "summary": "JBEAP-20815", "url": "https://issues.redhat.com/browse/JBEAP-20815" }, { "category": "external", "summary": "JBEAP-20816", "url": "https://issues.redhat.com/browse/JBEAP-20816" }, { "category": "external", "summary": "JBEAP-20883", "url": "https://issues.redhat.com/browse/JBEAP-20883" }, { "category": "external", "summary": "JBEAP-20887", "url": "https://issues.redhat.com/browse/JBEAP-20887" }, { "category": "external", "summary": "JBEAP-20908", "url": "https://issues.redhat.com/browse/JBEAP-20908" }, { "category": "external", "summary": "JBEAP-20918", "url": "https://issues.redhat.com/browse/JBEAP-20918" }, { "category": "external", "summary": "JBEAP-20941", "url": "https://issues.redhat.com/browse/JBEAP-20941" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0874.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update", "tracking": { "current_release_date": "2024-12-01T12:17:17+00:00", "generator": { "date": "2024-12-01T12:17:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0874", "initial_release_date": "2021-03-16T13:38:36+00:00", "revision_history": [ { "date": "2021-03-16T13:38:36+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-16T13:38:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-01T12:17:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product": { "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.14-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.27-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "product_id": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-failureaccess@1.0.1-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.25-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.20-2.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.9.11-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.18-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.11-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.34-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.13-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.39-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-9.redhat_00019.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-5.Final_redhat_00006.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "product_id": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@30.1.0-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.6-1.GA_redhat_00002.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.14-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-failureaccess@1.0.1-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.25-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.25-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.25-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.25-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.20-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.9.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.18-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.34-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.13-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.39-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-9.redhat_00019.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-5.Final_redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava@30.1.0-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@30.1.0-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.6-1.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.6-1.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.6-1.GA_redhat_00002.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-8908", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1906919" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: local information disclosure via temporary directory created with unsafe permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8908" }, { "category": "external", "summary": "RHBZ#1906919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8908", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908" } ], "release_date": "2020-09-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:38:36+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0874" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "guava: local information disclosure via temporary directory created with unsafe permissions" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:38:36+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0874" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "cve": "CVE-2020-28052", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1912881" } ], "notes": [ { "category": "description", "text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28052" }, { "category": "external", "summary": "RHBZ#1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28052" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052" } ], "release_date": "2020-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:38:36+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "category": "workaround", "details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible" }, { "cve": "CVE-2020-35510", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1905796" } ], "notes": [ { "category": "description", "text": "A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35510" }, { "category": "external", "summary": "RHBZ#1905796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905796" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35510", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35510" } ], "release_date": "2020-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:38:36+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0874" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client" }, { "cve": "CVE-2021-20220", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-01-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1923133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Possible regression in fix for CVE-2020-10687", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20220" }, { "category": "external", "summary": "RHBZ#1923133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20220", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20220" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220" } ], "release_date": "2021-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:38:36+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0874" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Possible regression in fix for CVE-2020-10687" }, { "cve": "CVE-2021-20250", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1929479" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20250" }, { "category": "external", "summary": "RHBZ#1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20250", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20250" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20250" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-16T13:38:36+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0874" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-9.redhat_00019.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-5.Final_redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.25-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.6-1.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client" } ] }
wid-sec-w-2023-1272
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand ausl\u00f6sen, Informationen offenzulegen, Daten zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen oder einen Cross-Site-Scripting-Angriff durchf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1272 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-1272.json" }, { "category": "self", "summary": "WID-SEC-2023-1272 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1272" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0974 vom 2021-03-23", "url": "https://access.redhat.com/errata/RHSA-2021:0974" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2210 vom 2021-06-02", "url": "https://access.redhat.com/errata/RHSA-2021:2210" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1401 vom 2021-04-27", "url": "https://access.redhat.com/errata/RHSA-2021:1401" }, { "category": "external", "summary": "Red Hat Customer Portal - Security Advisories vom 2021-03-16", "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "category": "external", "summary": "Red Hat Customer Portal - Security Advisories vom 2021-03-16", "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "category": "external", "summary": "Red Hat Customer Portal - Security Advisories vom 2021-03-16", "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "category": "external", "summary": "Red Hat Customer Portal - Security Advisories vom 2021-03-16", "url": "https://access.redhat.com/errata/RHSA-2021:0885" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2755 vom 2021-07-15", "url": "https://access.redhat.com/errata/RHSA-2021:2755" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2021-125 vom 2021-07-30", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-125/index.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:3140 vom 2021-08-11", "url": "https://access.redhat.com/errata/RHSA-2021:3140" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:3205 vom 2021-08-18", "url": "https://access.redhat.com/errata/RHSA-2021:3205" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:4702 vom 2021-11-16", "url": "https://access.redhat.com/errata/RHSA-2021:4702" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:4767 vom 2021-11-23", "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1013 vom 2022-03-22", "url": "https://access.redhat.com/errata/RHSA-2022:1013" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1029 vom 2022-03-23", "url": "https://access.redhat.com/errata/RHSA-2022:1029" }, { "category": "external", "summary": "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23", "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-134 vom 2024-07-02", "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-134/index.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10208 vom 2024-11-25", "url": "https://access.redhat.com/errata/RHSA-2024:10208" } ], "source_lang": "en-US", "title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-11-24T23:00:00.000+00:00", "generator": { "date": "2024-11-25T09:15:45.216+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2023-1272", "initial_release_date": "2021-03-16T23:00:00.000+00:00", "revision_history": [ { "date": "2021-03-16T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-03-23T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-04-26T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-06-03T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-07-15T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-07-29T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2021-08-11T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-08-17T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-11-16T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-11-23T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-03-22T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-22T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2024-07-01T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2024-11-24T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "14" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Hitachi Ops Center", "product": { "name": "Hitachi Ops Center", "product_id": "T017562", "product_identification_helper": { "cpe": "cpe:/a:hitachi:ops_center:-" } } } ], "category": "vendor", "name": "Hitachi" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c7.3.6", "product": { "name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.6", "product_id": "T018621" } }, { "category": "product_version", "name": "7.3.6", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.3.6", "product_id": "T018621-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.6" } } }, { "category": "product_version_range", "name": "\u003c7.1.8", "product": { "name": "Red Hat JBoss Enterprise Application Platform \u003c7.1.8", "product_id": "T039411" } }, { "category": "product_version", "name": "7.1.8", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1.8", "product_id": "T039411-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1.8" } } } ], "category": "product_name", "name": "JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-10687", "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Undertow\" und \"wildfly\" aufgrund von \"HTTP Request Smuggling\" und der Verf\u00fcgbarkeit von \u00f6ffentlich zug\u00e4nglichen privilegierten Aktionen. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um sensible Informationen offenzulegen, Daten zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T018621", "67646", "T039411" ] }, "release_date": "2021-03-16T23:00:00.000+00:00", "title": "CVE-2020-10687" }, { "cve": "CVE-2021-20220", "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Undertow\" und \"wildfly\" aufgrund von \"HTTP Request Smuggling\" und der Verf\u00fcgbarkeit von \u00f6ffentlich zug\u00e4nglichen privilegierten Aktionen. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um sensible Informationen offenzulegen, Daten zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T018621", "67646", "T039411" ] }, "release_date": "2021-03-16T23:00:00.000+00:00", "title": "CVE-2021-20220" }, { "cve": "CVE-2021-20250", "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Undertow\" und \"wildfly\" aufgrund von \"HTTP Request Smuggling\" und der Verf\u00fcgbarkeit von \u00f6ffentlich zug\u00e4nglichen privilegierten Aktionen. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um sensible Informationen offenzulegen, Daten zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T018621", "67646", "T039411" ] }, "release_date": "2021-03-16T23:00:00.000+00:00", "title": "CVE-2021-20250" }, { "cve": "CVE-2020-28052", "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"bouncycastle\" und \"Guava\" aufgrund eines fehlerhaften Vergleichs im Dienstprogramm \"OpenBSDBCrypt.checkPassword\" und einer Schwachstelle bei der Erstellung von Temp-Verzeichnissen durch die Guava-API \"com.google.common.io.Files.createTempDir()\". Ein entfernter anonymer oder lokaler Angreifer kann diese Sicherheitsl\u00fccken ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T018621", "67646", "T017562", "T039411" ] }, "release_date": "2021-03-16T23:00:00.000+00:00", "title": "CVE-2020-28052" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"bouncycastle\" und \"Guava\" aufgrund eines fehlerhaften Vergleichs im Dienstprogramm \"OpenBSDBCrypt.checkPassword\" und einer Schwachstelle bei der Erstellung von Temp-Verzeichnissen durch die Guava-API \"com.google.common.io.Files.createTempDir()\". Ein entfernter anonymer oder lokaler Angreifer kann diese Sicherheitsl\u00fccken ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T018621", "67646", "T017562", "T039411" ] }, "release_date": "2021-03-16T23:00:00.000+00:00", "title": "CVE-2020-8908" }, { "cve": "CVE-2020-35510", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat JBoss Enterprise Application Platform. Der Fehler besteht in der Komponente \"jboss-remoting\" aufgrund der M\u00f6glichkeit der Manipulation von jboss-remoting-Code. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um eine Denial-of-Service-Bedingung auszul\u00f6sen." } ], "product_status": { "known_affected": [ "T018621", "67646", "T039411" ] }, "release_date": "2021-03-16T23:00:00.000+00:00", "title": "CVE-2020-35510" } ] }
ghsa-p9w3-gwc2-cr49
Vulnerability from github
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 2.1.0.Final" }, "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.2.0.Final" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-10687" ], "database_specific": { "cwe_ids": [ "CWE-444" ], "github_reviewed": true, "github_reviewed_at": "2021-04-28T16:14:25Z", "nvd_published_at": "2020-09-23T13:15:00Z", "severity": "MODERATE" }, "details": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "id": "GHSA-p9w3-gwc2-cr49", "modified": "2022-02-11T21:12:07Z", "published": "2021-04-30T17:28:52Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20220210-0015" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "type": "CVSS_V3" } ], "summary": "HTTP Request Smuggling in Undertow" }
gsd-2020-10687
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2020-10687", "description": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "id": "GSD-2020-10687", "references": [ "https://access.redhat.com/errata/RHSA-2021:0885", "https://access.redhat.com/errata/RHSA-2021:0874", "https://access.redhat.com/errata/RHSA-2021:0873", "https://access.redhat.com/errata/RHSA-2021:0872", "https://access.redhat.com/errata/RHSA-2020:3642", "https://access.redhat.com/errata/RHSA-2020:3639", "https://access.redhat.com/errata/RHSA-2020:3638", "https://access.redhat.com/errata/RHSA-2020:3637", "https://access.redhat.com/errata/RHSA-2020:3501", "https://access.redhat.com/errata/RHSA-2020:3464", "https://access.redhat.com/errata/RHSA-2020:3463", "https://access.redhat.com/errata/RHSA-2020:3462", "https://access.redhat.com/errata/RHSA-2020:3461", "https://access.redhat.com/errata/RHSA-2020:3192" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-10687" ], "details": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "id": "GSD-2020-10687", "modified": "2023-12-13T01:22:04.624809Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10687", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Undertow", "version": { "version_data": [ { "version_value": "Undertow 2.2.0.Final" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "name": "[cxf-dev] 20210129 Undertow CVE", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20220210-0015/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220210-0015/" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,2.2.0)", "affected_versions": "All versions before 2.2.0", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-444", "CWE-937" ], "date": "2021-01-30", "description": "A flaw was discovered in all versions of Undertow before Undertow Final, where HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "fixed_versions": [ "2.2.0.Final" ], "identifier": "CVE-2020-10687", "identifiers": [ "CVE-2020-10687" ], "not_impacted": "All versions starting from 2.2.0", "package_slug": "maven/io.undertow/undertow-core", "pubdate": "2020-09-23", "solution": "Upgrade to version 2.2.0.Final or above.", "title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" ], "uuid": "4d88e2b8-d6d3-49ad-bd03-683ba44c171b" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10687" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049", "refsource": "MISC", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "name": "[cxf-dev] 20210129 Undertow CVE", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20220210-0015/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220210-0015/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 2.5 } }, "lastModifiedDate": "2022-02-22T10:05Z", "publishedDate": "2020-09-23T13:15Z" } } }
var-202009-0037
Vulnerability from variot
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. Red Hat Undertow is a Java-based embedded Web server of American Red Hat (Red Hat) Company and the default Web server of Wildfly (Java Application Server). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3461-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3461 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 =====================================================================
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
-
dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
-
wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
-
wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
-
hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
-
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
-
undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
-
hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
-
wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
-
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18793 - GSS Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - GSS Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - GSS Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - GSS Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - GSS Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - GSS Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
References:
https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh MpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF QCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5 HN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN JhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB 9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz DE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z sbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg 3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT nruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7 Lvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn Bk4PSTq9yaw= =ZNiG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Security Fix(es):
-
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)
-
bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)
-
wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)
-
jboss-ejb-client: wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)
-
guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)
-
Bugs fixed (https://bugzilla.redhat.com/):
1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client 1906919 - CVE-2020-8908 guava: local information disclosure via temporary directory created with unsafe permissions 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1923133 - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687 1929479 - CVE-2021-20250 wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client
- Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
The References section of this erratum contains a download link (you must log in to download the update)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0037", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "single sign-on", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "undertow", "scope": "lt", "trust": 1.0, "vendor": "redhat", "version": "2.2.0" }, { "model": "undertow", "scope": "eq", "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "undertow", "scope": "lt", "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": "2.2.0.final less than" }, { "model": "hat red hat undertow", "scope": null, "trust": 0.6, "vendor": "red", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-32367" }, { "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "db": "NVD", "id": "CVE-2020-10687" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "161827" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202004-1135" } ], "trust": 1.3 }, "cve": "CVE-2020-10687", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-10687", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-32367", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.2, "id": "CVE-2020-10687", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.8, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2020-10687", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-10687", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2020-10687", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-32367", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202004-1135", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-32367" }, { "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "db": "CNNVD", "id": "CNNVD-202004-1135" }, { "db": "NVD", "id": "CVE-2020-10687" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. Red Hat Undertow is a Java-based embedded Web server of American Red Hat (Red Hat) Company and the default Web server of Wildfly (Java Application Server). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update\nAdvisory ID: RHSA-2020:3461-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3461\nIssue date: 2020-08-17\nCVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 \n CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 \n CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 \n CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 \n=====================================================================\n\n1. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.2 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n(CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to\npermitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM\n(CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230\n(CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial\nof Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10687\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10718\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-14297\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh\nMpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF\nQCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5\nHN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN\nJhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB\n9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz\nDE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z\nsbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg\n3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT\nnruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7\nLvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn\nBk4PSTq9yaw=\n=ZNiG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSecurity Fix(es):\n\n* jboss-remoting: Threads hold up forever in the EJB server by suppressing\nthe ack from an EJB client (CVE-2020-35510)\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility\npossible (CVE-2020-28052)\n\n* wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687\n(CVE-2021-20220)\n\n* jboss-ejb-client: wildfly: Information disclosure due to publicly\naccessible privileged actions in JBoss EJB Client (CVE-2021-20250)\n\n* guava: local information disclosure via temporary directory created with\nunsafe permissions (CVE-2020-8908)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client\n1906919 - CVE-2020-8908 guava: local information disclosure via temporary directory created with unsafe permissions\n1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible\n1923133 - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687\n1929479 - CVE-2021-20250 wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client\n\n6. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)", "sources": [ { "db": "NVD", "id": "CVE-2020-10687" }, { "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "db": "CNVD", "id": "CNVD-2020-32367" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "161827" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10687", "trust": 3.7 }, { "db": "JVNDB", "id": "JVNDB-2020-011659", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158916", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-32367", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2416", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0922", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2837", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158891", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "161821", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "161824", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202004-1135", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158884", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158889", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161827", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-32367" }, { "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "161827" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202004-1135" }, { "db": "NVD", "id": "CVE-2020-10687" } ] }, "id": "VAR-202009-0037", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-32367" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-32367" } ] }, "last_update_date": "2024-11-29T20:18:36.933000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Bug\u00a01785049", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011659" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-444", "trust": 1.0 }, { "problemtype": "HTTP Request Smuggling (CWE-444) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "db": "NVD", "id": "CVE-2020-10687" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 1.6, "url": "https://security.netapp.com/advisory/ntap-20220210-0015/" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c%40%3cdev.cxf.apache.org%3e" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687\u00a5" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://issues.jboss.org/):" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3cdev.cxf.apache.org%3e" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/undertow-information-disclosure-via-http-requests-invalid-characters-33091" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161824/red-hat-security-advisory-2021-0874-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2416" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0922" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161821/red-hat-security-advisory-2021-0885-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2826/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2837/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3461" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3462" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3637" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20250" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28052" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0872" }, { "trust": 0.1, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20220" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35510" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35510" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8908" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8908" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20220" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28052" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20250" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3639" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10758" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10758" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3501" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1728" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3638" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-32367" }, { "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "161827" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202004-1135" }, { "db": "NVD", "id": "CVE-2020-10687" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-32367" }, { "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "161827" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202004-1135" }, { "db": "NVD", "id": "CVE-2020-10687" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-11T00:00:00", "db": "CNVD", "id": "CNVD-2020-32367" }, { "date": "2021-04-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "date": "2020-08-17T17:34:41", "db": "PACKETSTORM", "id": "158884" }, { "date": "2020-08-17T17:43:07", "db": "PACKETSTORM", "id": "158889" }, { "date": "2020-09-07T16:38:23", "db": "PACKETSTORM", "id": "159081" }, { "date": "2021-03-17T14:14:51", "db": "PACKETSTORM", "id": "161827" }, { "date": "2020-09-07T16:37:51", "db": "PACKETSTORM", "id": "159080" }, { "date": "2020-08-19T16:44:13", "db": "PACKETSTORM", "id": "158916" }, { "date": "2020-09-07T16:39:28", "db": "PACKETSTORM", "id": "159082" }, { "date": "2020-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1135" }, { "date": "2020-09-23T13:15:15.157000", "db": "NVD", "id": "CVE-2020-10687" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-11T00:00:00", "db": "CNVD", "id": "CNVD-2020-32367" }, { "date": "2021-04-08T08:10:00", "db": "JVNDB", "id": "JVNDB-2020-011659" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1135" }, { "date": "2024-11-21T04:55:51.310000", "db": "NVD", "id": "CVE-2020-10687" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202004-1135" } ], "trust": 1.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Undertow\u00a0 In \u00a0HTTP\u00a0 Request Smuggling Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011659" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "environmental issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-1135" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.