rhsa-2021_3656
Vulnerability from csaf_redhat
Published
2021-09-23 16:18
Modified
2024-12-09 16:34
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 7

Notes

Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936) * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690) * undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597) * wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642) * netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295) * netty: Request smuggling via content-length header (CVE-2021-21409) * jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170) * apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425) * wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536) * wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)\n\n* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)\n\n* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)\n\n* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)\n\n* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)\n\n* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)\n\n* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3656",
        "url": "https://access.redhat.com/errata/RHSA-2021:3656"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
      },
      {
        "category": "external",
        "summary": "1937364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
      },
      {
        "category": "external",
        "summary": "1937440",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
      },
      {
        "category": "external",
        "summary": "1944888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
      },
      {
        "category": "external",
        "summary": "1948001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
      },
      {
        "category": "external",
        "summary": "1948752",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
      },
      {
        "category": "external",
        "summary": "1965497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965497"
      },
      {
        "category": "external",
        "summary": "1970930",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930"
      },
      {
        "category": "external",
        "summary": "1976052",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052"
      },
      {
        "category": "external",
        "summary": "1981407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
      },
      {
        "category": "external",
        "summary": "1991299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
      },
      {
        "category": "external",
        "summary": "JBEAP-18401",
        "url": "https://issues.redhat.com/browse/JBEAP-18401"
      },
      {
        "category": "external",
        "summary": "JBEAP-21231",
        "url": "https://issues.redhat.com/browse/JBEAP-21231"
      },
      {
        "category": "external",
        "summary": "JBEAP-21257",
        "url": "https://issues.redhat.com/browse/JBEAP-21257"
      },
      {
        "category": "external",
        "summary": "JBEAP-21258",
        "url": "https://issues.redhat.com/browse/JBEAP-21258"
      },
      {
        "category": "external",
        "summary": "JBEAP-21261",
        "url": "https://issues.redhat.com/browse/JBEAP-21261"
      },
      {
        "category": "external",
        "summary": "JBEAP-21263",
        "url": "https://issues.redhat.com/browse/JBEAP-21263"
      },
      {
        "category": "external",
        "summary": "JBEAP-21270",
        "url": "https://issues.redhat.com/browse/JBEAP-21270"
      },
      {
        "category": "external",
        "summary": "JBEAP-21276",
        "url": "https://issues.redhat.com/browse/JBEAP-21276"
      },
      {
        "category": "external",
        "summary": "JBEAP-21277",
        "url": "https://issues.redhat.com/browse/JBEAP-21277"
      },
      {
        "category": "external",
        "summary": "JBEAP-21281",
        "url": "https://issues.redhat.com/browse/JBEAP-21281"
      },
      {
        "category": "external",
        "summary": "JBEAP-21300",
        "url": "https://issues.redhat.com/browse/JBEAP-21300"
      },
      {
        "category": "external",
        "summary": "JBEAP-21309",
        "url": "https://issues.redhat.com/browse/JBEAP-21309"
      },
      {
        "category": "external",
        "summary": "JBEAP-21313",
        "url": "https://issues.redhat.com/browse/JBEAP-21313"
      },
      {
        "category": "external",
        "summary": "JBEAP-21472",
        "url": "https://issues.redhat.com/browse/JBEAP-21472"
      },
      {
        "category": "external",
        "summary": "JBEAP-21569",
        "url": "https://issues.redhat.com/browse/JBEAP-21569"
      },
      {
        "category": "external",
        "summary": "JBEAP-21777",
        "url": "https://issues.redhat.com/browse/JBEAP-21777"
      },
      {
        "category": "external",
        "summary": "JBEAP-21781",
        "url": "https://issues.redhat.com/browse/JBEAP-21781"
      },
      {
        "category": "external",
        "summary": "JBEAP-21818",
        "url": "https://issues.redhat.com/browse/JBEAP-21818"
      },
      {
        "category": "external",
        "summary": "JBEAP-21961",
        "url": "https://issues.redhat.com/browse/JBEAP-21961"
      },
      {
        "category": "external",
        "summary": "JBEAP-21978",
        "url": "https://issues.redhat.com/browse/JBEAP-21978"
      },
      {
        "category": "external",
        "summary": "JBEAP-22009",
        "url": "https://issues.redhat.com/browse/JBEAP-22009"
      },
      {
        "category": "external",
        "summary": "JBEAP-22084",
        "url": "https://issues.redhat.com/browse/JBEAP-22084"
      },
      {
        "category": "external",
        "summary": "JBEAP-22088",
        "url": "https://issues.redhat.com/browse/JBEAP-22088"
      },
      {
        "category": "external",
        "summary": "JBEAP-22160",
        "url": "https://issues.redhat.com/browse/JBEAP-22160"
      },
      {
        "category": "external",
        "summary": "JBEAP-22209",
        "url": "https://issues.redhat.com/browse/JBEAP-22209"
      },
      {
        "category": "external",
        "summary": "JBEAP-22318",
        "url": "https://issues.redhat.com/browse/JBEAP-22318"
      },
      {
        "category": "external",
        "summary": "JBEAP-22319",
        "url": "https://issues.redhat.com/browse/JBEAP-22319"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3656.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 7",
    "tracking": {
      "current_release_date": "2024-12-09T16:34:23+00:00",
      "generator": {
        "date": "2024-12-09T16:34:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:3656",
      "initial_release_date": "2021-09-23T16:18:03+00:00",
      "revision_history": [
        {
          "date": "2021-09-23T16:18:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-09-23T16:18:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-09T16:34:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-yasson@1.0.9-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-velocity@2.3.0-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
                "product": {
                  "name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
                  "product_id": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-9.Final_redhat_00008.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
                "product": {
                  "name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
                  "product_id": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-2.redhat_00006.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-commons-io@2.10.0-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-wildfly-integration@1.0.4-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.1-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.21-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.16-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-2.SP1_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.35-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.7-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.5-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.12-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
                "product": {
                  "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
                  "product_id": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00013.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.14-2.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.2.9-2.SP1_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-8.Final_redhat_00009.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
                  "product_id": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.1-2.GA_redhat_00003.1.el7eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-yasson@1.0.9-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-velocity@2.3.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-velocity-engine-core@2.3.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
                "product": {
                  "name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
                  "product_id": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-9.Final_redhat_00008.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
                "product": {
                  "name": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
                  "product_id": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-9.Final_redhat_00008.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
                  "product_id": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-2.redhat_00006.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-commons-io@2.10.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-wildfly-integration@1.0.4-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.1-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-2.SP1_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.35-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.7-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
                "product": {
                  "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
                  "product_id": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00013.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.14-2.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.2.9-2.SP1_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-8.Final_redhat_00009.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-8.Final_redhat_00009.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-8.Final_redhat_00009.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.1-2.GA_redhat_00003.1.el7eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch"
        },
        "product_reference": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src"
        },
        "product_reference": "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch"
        },
        "product_reference": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src"
        },
        "product_reference": "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch"
        },
        "product_reference": "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch"
        },
        "product_reference": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src"
        },
        "product_reference": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13936",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2021-03-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1937440"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "velocity: arbitrary code execution when attacker is able to modify templates",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8\u0027s pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13936"
        },
        {
          "category": "external",
          "summary": "RHBZ#1937440",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936"
        }
      ],
      "release_date": "2021-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "velocity: arbitrary code execution when attacker is able to modify templates"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Bury"
          ]
        }
      ],
      "cve": "CVE-2021-3536",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1948001"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: XSS via admin console when creating roles in domain mode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw does not affect Red Hat CodeReady Studio 12 because it uses the Wildfly client only. The domain mode is not used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3536"
        },
        {
          "category": "external",
          "summary": "RHBZ#1948001",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536"
        }
      ],
      "release_date": "2021-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "wildfly: XSS via admin console when creating roles in domain mode"
    },
    {
      "cve": "CVE-2021-3597",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2021-02-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1970930"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3597"
        },
        {
          "category": "external",
          "summary": "RHBZ#1970930",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3597"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597"
        }
      ],
      "release_date": "2021-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS"
    },
    {
      "cve": "CVE-2021-3642",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "discovery_date": "2021-06-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1981407"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-elytron: possible timing attack in ScramServer",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3642"
        },
        {
          "category": "external",
          "summary": "RHBZ#1981407",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3642"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3642",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3642"
        }
      ],
      "release_date": "2021-06-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly-elytron: possible timing attack in ScramServer"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Darran Lofthouse"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2021-3644",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-02-24T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1976052"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-core: Invalid Sensitivity Classification of Vault Expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat CodeReady Studio 12 is not affected by this flaw as it does not ship the vulnerable component of wildfly.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3644"
        },
        {
          "category": "external",
          "summary": "RHBZ#1976052",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3644",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3644"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3644",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3644"
        }
      ],
      "release_date": "2021-07-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "wildfly-core: Invalid Sensitivity Classification of Vault Expression"
    },
    {
      "cve": "CVE-2021-3690",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2021-08-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1991299"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: buffer leak on incoming websocket PONG message may lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although Red Hat OpenStack Platform packages the vulnerable code in Opendaylight, it does not use or support the undertow-encapsulating features. The security impact for RHOSP is therefore rated as Low and no update will be provided at this time.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3690"
        },
        {
          "category": "external",
          "summary": "RHBZ#1991299",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690"
        }
      ],
      "release_date": "2021-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "undertow: buffer leak on incoming websocket PONG message may lead to DoS"
    },
    {
      "cve": "CVE-2021-21295",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1937364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: possible request smuggling in HTTP/2 due missing validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21295"
        },
        {
          "category": "external",
          "summary": "RHBZ#1937364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
        }
      ],
      "release_date": "2021-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: possible request smuggling in HTTP/2 due missing validation"
    },
    {
      "cve": "CVE-2021-21409",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-03-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1944888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Request smuggling via content-length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "RHBZ#1944888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
        }
      ],
      "release_date": "2021-03-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Request smuggling via content-length header"
    },
    {
      "cve": "CVE-2021-28170",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-05-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1965497"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-28170"
        },
        {
          "category": "external",
          "summary": "RHBZ#1965497",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965497"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28170",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170"
        },
        {
          "category": "external",
          "summary": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/",
          "url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
        }
      ],
      "release_date": "2021-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate"
    },
    {
      "cve": "CVE-2021-29425",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-04-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1948752"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While the apache-commons-io package included in Red Hat Enterprise Linux 8 Maven App Stream contains the vulnerable code, it is not used in any way by Maven or other packages in this module.  This package is not an API component of Maven, thus the affected code can not be reached in any supported scenario.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29425"
        },
        {
          "category": "external",
          "summary": "RHBZ#1948752",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
        }
      ],
      "release_date": "2021-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-09-23T16:18:03+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3656"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.