Details of VAR-202003-1779

ID

VAR-202003-1779

CVE

CVE-2020-10672

TITLE

FasterXML jackson-databind Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202003-1150

DESCRIPTION

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization by org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms) . A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Summary: This is a security update for JBoss EAP Continuous Delivery 19. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3462-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3462 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19410 - Tracker bug for the EAP 7.3.2 release for RHEL-7 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.3 for RHEL 7 Server: Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el7eap.src.rpm noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXzqIZtzjgjWX9erEAQgbmw/9EMmKKCCwal4bB6c8JuVi9V1qwN8+GJA4 BT8rEG7nDCffXvCdGzhPj1JofUlvVLcMX6T7DhC7DJ3acsCFoMvpVvranRkhnXkj 9sIZxPYy2ZFRIXWt8tUvVYeYZdKJ+dKsHRzzCetQr0vd9L9gWuGUZcroS+PTdkCn 2Us87nq0bPNqMAX4q5iqs/+yM7WrcmL8bJELEFU+QwZQOtqKpnOiCUVwUnPxHuAB gTk5DLAdJaj/FFmQH0l2Qc0brTXRvcjFLhme3ygQcfiOB0bh4KO+ykhOS+lznCIB a33P5m0/eXkdjMuT9PxxllMpE3cygCrN0caFwm5F/rJVUczc6MNBCWQ2605xiiNt xQOh429J3J9S+Ew+hwBsaWRwKgibItBI3aa/AiUHHPnwj5Q33hj3+2/53k7QuN/0 59JqQ1hOz7x857G2HaAPiCWu3QDhHqfdhewrLpCEnrO0HhLiPoHou8tuD8UnITws OfWtjSw0bwBnhb3OsmGlQxHtIDfY+TpJKQ6YPukUmc0KiRfC695HNgk91b4u5M5O 42Oo9g4g4rxVezCI1+WaN1KRA1J7yUTmvAFuz/1QervXpvw1xGbILLqlJI7maNnX bN4s3UgKVYLg/hlGiOMvLVTAuHY8OIyiijNoAcHXZv63+AGWQTRUihyIpl8KcFIr V2uaf/+66c0=doZv -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect

Trust: 1.62

sources: NVD: CVE-2020-10672 // VULHUB: VHN-163174 // PACKETSTORM: 157859 // PACKETSTORM: 158651 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 158881

AFFECTED PRODUCTS

vendor:	oracle	model:	communications contacts server	scope:	eq	version:	8.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	lte	version:	12.0.3	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	lt	version:	9.2.4.2	Trust: 1.0
vendor:	oracle	model:	communications evolved communications application server	scope:	eq	version:	7.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	retail sales audit	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	19.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.1.0.15	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	lt	version:	12.2.0.1.20	Trust: 1.0
vendor:	oracle	model:	retail merchandising system	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	lte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	20.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.10.4	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.4.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.2	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.4.2	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.2	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	18.8	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.0.2.25	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.6	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.2	Trust: 1.0
vendor:	oracle	model:	communications contacts server	scope:	eq	version:	8.0.0.5.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	gte	version:	17.7	Trust: 1.0
vendor:	oracle	model:	autovue for agile product lifecycle management	scope:	eq	version:	21.0.2	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	19.12	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.3.0.0	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	financial services retail customer analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	communications calendar server	scope:	eq	version:	8.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.3	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	gte	version:	12.0.0	Trust: 1.0

sources: NVD: CVE-2020-10672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10672
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2020-10672
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202003-1150
value:	HIGH
Trust: 0.6
VULHUB:	VHN-163174
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10672
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-163174
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-10672
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-163174 // CNNVD: CNNVD-202003-1150 // NVD: CVE-2020-10672 // NVD: CVE-2020-10672

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: NVD: CVE-2020-10672

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159080 // PACKETSTORM: 158881 // CNNVD: CNNVD-202003-1150

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1150

PATCH

title:

FasterXML jackson-databind Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112628

Trust: 0.6

sources: CNNVD: CNNVD-202003-1150

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10672	Trust: 2.4
db:	PACKETSTORM	id:	158651	Trust: 0.8
db:	PACKETSTORM	id:	158916	Trust: 0.8
db:	PACKETSTORM	id:	158891	Trust: 0.8
db:	PACKETSTORM	id:	158636	Trust: 0.7
db:	PACKETSTORM	id:	159083	Trust: 0.7
db:	PACKETSTORM	id:	159208	Trust: 0.7
db:	CNNVD	id:	CNNVD-202003-1150	Trust: 0.7
db:	PACKETSTORM	id:	157859	Trust: 0.7
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2588	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2826	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1882	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2837	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1040	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1766	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2619	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3065	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3190	Trust: 0.6
db:	NSFOCUS	id:	48048	Trust: 0.6
db:	PACKETSTORM	id:	158889	Trust: 0.2
db:	PACKETSTORM	id:	159080	Trust: 0.2
db:	PACKETSTORM	id:	158881	Trust: 0.2
db:	PACKETSTORM	id:	158884	Trust: 0.1
db:	PACKETSTORM	id:	159082	Trust: 0.1
db:	PACKETSTORM	id:	159081	Trust: 0.1
db:	PACKETSTORM	id:	158650	Trust: 0.1
db:	VULHUB	id:	VHN-163174	Trust: 0.1

sources: VULHUB: VHN-163174 // PACKETSTORM: 157859 // PACKETSTORM: 158651 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 158881 // CNNVD: CNNVD-202003-1150 // NVD: CVE-2020-10672

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20200403-0002/	Trust: 1.7
url:	https://github.com/fasterxml/jackson-databind/issues/2659	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10672	Trust: 1.3
url:	https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 1.0
url:	https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-10672	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-10673	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10673	Trust: 0.6
url:	https://packetstormsecurity.com/files/158636/red-hat-security-advisory-2020-3192-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2588/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2837/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2619/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1766/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48048	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1882/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6528214	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2826/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3190/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1040/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-xapooledconnectionfactory-31849	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3065/	Trust: 0.6
url:	https://issues.jboss.org/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1710	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10740	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10693	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10687	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10714	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10683	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10714	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10683	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10693	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10687	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10740	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-1710	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10718	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10718	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1748	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-1748	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14297	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14297	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14900	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14900	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9547	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14307	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14307	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-11112	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11113	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-10968	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17573	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-1695	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20444	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17573	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20445	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10086	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20444	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10086	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-16869	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-10969	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11111	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7238	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-12423	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16869	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12423	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10968	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11111	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20445	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10969	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11612	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9548	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-8840	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11612	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-16335	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10174	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2333	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16942	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16943	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16942	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14888	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14887	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10688	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14892	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0210	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0205	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14892	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12419	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14888	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1745	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17531	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16335	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0210	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14887	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10688	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\xeap-cd&downloadtype=securitypatches&version	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16943	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12419	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17267	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10174	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17531	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14540	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17267	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0205	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1732	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12406	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1718	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11620	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.8.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12406	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14061	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1718	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13990	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14062	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11620	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11112	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14061	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11113	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14062	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3462	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3463	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3639	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6950	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9547	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1695	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9546	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6950	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10758	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10758	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3501	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1728	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.4	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3464	Trust: 0.1

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 157859 // PACKETSTORM: 158651 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 158881 // CNNVD: CNNVD-202003-1150

SOURCES

db:	VULHUB	id:	VHN-163174
db:	PACKETSTORM	id:	157859
db:	PACKETSTORM	id:	158651
db:	PACKETSTORM	id:	158889
db:	PACKETSTORM	id:	158891
db:	PACKETSTORM	id:	159080
db:	PACKETSTORM	id:	158916
db:	PACKETSTORM	id:	158881
db:	CNNVD	id:	CNNVD-202003-1150
db:	NVD	id:	CVE-2020-10672

LAST UPDATE DATE

2026-04-18T21:31:30.899000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163174	date:	2021-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202003-1150	date:	2022-06-10T00:00:00
db:	NVD	id:	CVE-2020-10672	date:	2024-11-21T04:55:49.050

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163174	date:	2020-03-18T00:00:00
db:	PACKETSTORM	id:	157859	date:	2020-05-28T16:22:46
db:	PACKETSTORM	id:	158651	date:	2020-07-29T17:53:05
db:	PACKETSTORM	id:	158889	date:	2020-08-17T17:43:07
db:	PACKETSTORM	id:	158891	date:	2020-08-17T17:43:22
db:	PACKETSTORM	id:	159080	date:	2020-09-07T16:37:51
db:	PACKETSTORM	id:	158916	date:	2020-08-19T16:44:13
db:	PACKETSTORM	id:	158881	date:	2020-08-17T15:35:45
db:	CNNVD	id:	CNNVD-202003-1150	date:	2020-03-18T00:00:00
db:	NVD	id:	CVE-2020-10672	date:	2020-03-18T22:15:12.313