rhsa-2022_4919
Vulnerability from csaf_redhat
Published
2022-06-06 16:00
Modified
2024-12-01 12:43
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4919", "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23121", "url": "https://issues.redhat.com/browse/JBEAP-23121" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", "tracking": { "current_release_date": "2024-12-01T12:43:34+00:00", "generator": { "date": "2024-12-01T12:43:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:4919", "initial_release_date": "2022-06-06T16:00:48+00:00", "revision_history": [ { "date": "2022-06-06T16:00:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T16:00:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-01T12:43:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.