Details of VAR-202003-1778

ID

VAR-202003-1778

CVE

CVE-2020-10673

TITLE

FasterXML jackson-databind Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202003-1151

DESCRIPTION

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Security Fix(es): * apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086) * cxf: does not restrict the number of message attachments (CVE-2019-12406) * cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419) * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875) * keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201) * keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199) * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238) * SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729) * thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * thrift: Endless loop when feed with specific input data (CVE-2019-0205) * undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888) * wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887) * wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838) * xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. Summary: This is a security update for JBoss EAP Continuous Delivery 20. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3464-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3464 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 CVE-2020-14307 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 3. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 5. JIRA issues fixed (https://issues.jboss.org/): JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001 6. References: https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/cve/CVE-2020-14307 https://access.redhat.com/security/updates/classification/#important 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXzqFetzjgjWX9erEAQjNDA//Y/Zl6hf0p+yZZrC2m22ATxdzQIbOd7bD dtSKpTEwRvc9ln2cDsk7sd0tTFn8FgKKRMvWpdzfVjY+WLmizfVSRlvgbJL2ZXUG Ck0HLXWlK7dczWOxhkBalv+r+y4LNi8kBx4wX4yblw8R1Iqcz3UxA396Gsd299WP 3hocPCyoYS5V8P386ms4SwmQjBmpEw/ucbyMQg03+v0vcUhk+/+a4VNMBgqT9F67 L/vFkKu1f1BYZcUwyH2OV1WkWWqO/2ff0PwM+/wNtwasbtgiPWJPhe5/SIiPbcNs gWVcjVLx2muY9SLK/8dVNYtjpjeJeMaU0IJ954FG/V5HC4VURvLA8tN4RHhp9Evr 988S1F9mFO03wxBZHb/QT3RPSuhj6dUxs4+Mshf2GBFhtW4qfmymBd+HZKwjcoOI j7NHdEBw+67gg5h881ia/cWHbo8c9Vlt2mT5uZEvN7dEy626o1+gjphTc92YQUpl oFJkYnlGEk+j06hDG8hiwcIgnDxgERGapNzZWC/akjZ/9lqpcjiObYliUccwHLbT Om7OS7+enXHiW8HlSnqbOAhXCGWVczui+MoG+v4bAtRrxI3jBj06Of1FVIomhsE7 pAj6hsLSBFDlDHWq4Kz74vKPMfurHKtWw0YO7YLvXeih0gjo1tN7bf9RNn+wP7XB KIlPzRCCrl0= =Ew+E -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.71

sources: NVD: CVE-2020-10673 // VULHUB: VHN-163175 // VULMON: CVE-2020-10673 // PACKETSTORM: 158650 // PACKETSTORM: 157741 // PACKETSTORM: 159081 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158881 // PACKETSTORM: 159082

AFFECTED PRODUCTS

vendor:	oracle	model:	communications contacts server	scope:	eq	version:	8.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	lte	version:	12.0.3	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	lt	version:	9.2.4.2	Trust: 1.0
vendor:	oracle	model:	communications evolved communications application server	scope:	eq	version:	7.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	retail sales audit	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	19.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.1.0.15	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	lt	version:	12.2.0.1.20	Trust: 1.0
vendor:	oracle	model:	retail merchandising system	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	lte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	20.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.10.4	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.4.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.2	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.4.2	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.2	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	18.8	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.0.2.25	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.6	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.2	Trust: 1.0
vendor:	oracle	model:	communications contacts server	scope:	eq	version:	8.0.0.5.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.6.7.4	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	gte	version:	17.7	Trust: 1.0
vendor:	oracle	model:	autovue for agile product lifecycle management	scope:	eq	version:	21.0.2	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	19.12	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.3.0.0	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	financial services retail customer analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	communications calendar server	scope:	eq	version:	8.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.3	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	gte	version:	12.0.0	Trust: 1.0

sources: NVD: CVE-2020-10673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10673
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2020-10673
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202003-1151
value:	HIGH
Trust: 0.6
VULHUB:	VHN-163175
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-10673
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10673
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-163175
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-10673
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-163175 // VULMON: CVE-2020-10673 // CNNVD: CNNVD-202003-1151 // NVD: CVE-2020-10673 // NVD: CVE-2020-10673

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: NVD: CVE-2020-10673

THREAT TYPE

remote

Trust: 1.1

sources: PACKETSTORM: 159081 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158881 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-1151

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1151

PATCH

title:	FasterXML jackson-databind Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112629	Trust: 0.6
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203461 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203462 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203463 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203464 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.4.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203501 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203638 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: EAP Continuous Delivery Technical Preview Release 20 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203585 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203637 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203639 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203642 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Data Grid 7.3.7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203779 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=9bb4efe27af18414a7db703d1dd40070	Trust: 0.1
title:	Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203196 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203197 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202067 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.7.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203192 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109	Trust: 0.1
title:	IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics â€“ Log Analysis	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a	Trust: 0.1
title:	CVE-2020-10673	url:	https://github.com/Al1ex/CVE-2020-10673	Trust: 0.1
title:	Cubed	url:	https://github.com/yahoo/cubed	Trust: 0.1
title:	https://github.com/huike007/poc	url:	https://github.com/huike007/poc	Trust: 0.1

sources: VULMON: CVE-2020-10673 // CNNVD: CNNVD-202003-1151

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10673	Trust: 2.5
db:	PACKETSTORM	id:	159015	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-1151	Trust: 0.7
db:	PACKETSTORM	id:	159083	Trust: 0.7
db:	PACKETSTORM	id:	159208	Trust: 0.7
db:	PACKETSTORM	id:	158651	Trust: 0.7
db:	PACKETSTORM	id:	158916	Trust: 0.7
db:	PACKETSTORM	id:	158891	Trust: 0.7
db:	NSFOCUS	id:	48050	Trust: 0.6
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1766	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2837	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2588	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2619	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1040	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3065	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3190	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2826	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2992	Trust: 0.6
db:	PACKETSTORM	id:	159080	Trust: 0.2
db:	PACKETSTORM	id:	159082	Trust: 0.2
db:	PACKETSTORM	id:	159081	Trust: 0.2
db:	PACKETSTORM	id:	158881	Trust: 0.2
db:	PACKETSTORM	id:	158650	Trust: 0.2
db:	PACKETSTORM	id:	158884	Trust: 0.1
db:	PACKETSTORM	id:	158889	Trust: 0.1
db:	VULHUB	id:	VHN-163175	Trust: 0.1
db:	VULMON	id:	CVE-2020-10673	Trust: 0.1
db:	PACKETSTORM	id:	157741	Trust: 0.1

sources: VULHUB: VHN-163175 // VULMON: CVE-2020-10673 // PACKETSTORM: 158650 // PACKETSTORM: 157741 // PACKETSTORM: 159081 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158881 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-1151 // NVD: CVE-2020-10673

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20200403-0002/	Trust: 1.7
url:	https://github.com/fasterxml/jackson-databind/issues/2660	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10673	Trust: 1.2
url:	https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 1.0
url:	https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-10673	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-10672	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2992/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-resourceref-31850	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2588/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2837/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2619/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1766/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6528214	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48050	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2826/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3190/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1040/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3065/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-9547	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-9546	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-9548	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-8840	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10672	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10740	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10714	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14900	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10683	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10714	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10683	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-14900	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10740	Trust: 0.5
url:	https://issues.jboss.org/):	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-6950	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1710	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14297	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10693	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10687	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14297	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10693	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10687	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6950	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14307	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14307	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1710	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10718	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10718	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1748	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1748	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1695	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9547	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1695	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9548	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9546	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8840	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-11112	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12406	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11113	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-10968	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-12406	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11612	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11619	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-10969	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11620	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20330	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7238	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11612	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11111	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14060	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17573	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1718	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11620	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17573	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14061	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20445	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1718	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13990	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3196	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14062	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.8.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11619	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7238	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11111	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11112	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10968	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20445	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10969	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14061	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11113	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14062	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16335	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3875	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14832	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10201	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2067	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3875	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9511	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12400	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0210	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0205	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12419	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17531	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16335	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0210	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10086	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10219	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14832	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17531	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17267	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10199	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=catrhoar.thorntail&version=2.5.1	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9511	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14887	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14892	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10201	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1729	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16943	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12419	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17267	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0205	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10199	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14893	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14888	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14838	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14892	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10219	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10086	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14887	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14540	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14820	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14820	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14888	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3637	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10172	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3585	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xeap-cd&version	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1954	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10705	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10172	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14371	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14371	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1954	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3639	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3464	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3638	Trust: 0.1

sources: VULHUB: VHN-163175 // PACKETSTORM: 158650 // PACKETSTORM: 157741 // PACKETSTORM: 159081 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158881 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-1151 // NVD: CVE-2020-10673

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 158650 // PACKETSTORM: 157741 // PACKETSTORM: 159081 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158881 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-1151

SOURCES

db:	VULHUB	id:	VHN-163175
db:	VULMON	id:	CVE-2020-10673
db:	PACKETSTORM	id:	158650
db:	PACKETSTORM	id:	157741
db:	PACKETSTORM	id:	159081
db:	PACKETSTORM	id:	159015
db:	PACKETSTORM	id:	159080
db:	PACKETSTORM	id:	158881
db:	PACKETSTORM	id:	159082
db:	CNNVD	id:	CNNVD-202003-1151
db:	NVD	id:	CVE-2020-10673

LAST UPDATE DATE

2025-06-26T22:40:45.524000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163175	date:	2021-12-07T00:00:00
db:	VULMON	id:	CVE-2020-10673	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202003-1151	date:	2022-06-10T00:00:00
db:	NVD	id:	CVE-2020-10673	date:	2024-11-21T04:55:49.360

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163175	date:	2020-03-18T00:00:00
db:	VULMON	id:	CVE-2020-10673	date:	2020-03-18T00:00:00
db:	PACKETSTORM	id:	158650	date:	2020-07-29T17:52:58
db:	PACKETSTORM	id:	157741	date:	2020-05-18T16:42:53
db:	PACKETSTORM	id:	159081	date:	2020-09-07T16:38:23
db:	PACKETSTORM	id:	159015	date:	2020-08-31T16:22:15
db:	PACKETSTORM	id:	159080	date:	2020-09-07T16:37:51
db:	PACKETSTORM	id:	158881	date:	2020-08-17T15:35:45
db:	PACKETSTORM	id:	159082	date:	2020-09-07T16:39:28
db:	CNNVD	id:	CNNVD-202003-1151	date:	2020-03-18T00:00:00
db:	NVD	id:	CVE-2020-10673	date:	2020-03-18T22:15:12.407