ID

VAR-202110-1705


CVE

CVE-2021-37137


TITLE

Netty  Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013841

DESCRIPTION

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. Netty Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8 Advisory ID: RHSA-2022:4919-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:4919 Issue date: 2022-06-06 CVE Names: CVE-2020-36518 CVE-2021-37136 CVE-2021-37137 CVE-2021-42392 CVE-2021-43797 CVE-2022-0084 CVE-2022-0853 CVE-2022-0866 CVE-2022-1319 CVE-2022-21299 CVE-2022-21363 CVE-2022-23221 CVE-2022-23437 CVE-2022-23913 CVE-2022-24785 ==================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221) * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * h2: Remote Code Execution in Console (CVE-2021-42392) * netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) * xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084) * wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866) * undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319) * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299) * mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363) * xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437) * artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * jboss-client: memory leakage in remote client transaction (CVE-2022-0853) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-23121 - Tracker bug for the EAP 7.4.5 release for RHEL-8 JBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001 JBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001 JBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1 JBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042 JBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1 JBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001 JBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001 JBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002 JBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3 JBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1 JBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002 JBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x JBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes JBEAP-23432 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05 JBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003 JBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4 JBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.4 for RHEL 8: Source: eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el8eap.src.rpm eap7-h2database-1.4.197-2.redhat_00004.1.el8eap.src.rpm eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el8eap.src.rpm eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-core-2.12.6-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el8eap.src.rpm eap7-jackson-jaxrs-providers-2.12.6-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el8eap.src.rpm eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el8eap.src.rpm eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-2.redhat_00002.1.el8eap.src.rpm eap7-netty-4.1.72-4.Final_redhat_00001.1.el8eap.src.rpm eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el8eap.src.rpm eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el8eap.src.rpm eap7-snakeyaml-1.29.0-1.redhat_00001.2.el8eap.src.rpm eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-http-client-1.1.11-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el8eap.src.rpm noarch: eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm eap7-h2database-1.4.197-2.redhat_00004.1.el8eap.noarch.rpm eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm eap7-hibernate-core-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm eap7-hibernate-envers-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm eap7-hibernate-java8-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-core-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-datatype-jdk8-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-datatype-jsr310-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-jaxrs-base-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-jberet-core-1.3.9-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-16.Final_redhat_00015.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-16.Final_redhat_00015.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-2.redhat_00002.1.el8eap.noarch.rpm eap7-netty-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-all-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-buffer-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-dns-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-haproxy-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-http-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-http2-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-memcache-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-mqtt-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-redis-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-smtp-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-socks-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-stomp-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-codec-xml-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-common-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-handler-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-handler-proxy-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-resolver-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-resolver-dns-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-resolver-dns-classes-macos-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-transport-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-transport-classes-epoll-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-transport-classes-kqueue-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-transport-native-unix-common-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-transport-rxtx-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-transport-sctp-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-transport-udt-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm eap7-snakeyaml-1.29.0-1.redhat_00001.2.el8eap.noarch.rpm eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.12-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-client-common-1.1.11-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-ejb-client-1.1.11-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-naming-client-1.1.11-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-transaction-client-1.1.11-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.5-3.GA_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.5-3.GA_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el8eap.noarch.rpm x86_64: eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el8eap.x86_64.rpm eap7-netty-transport-native-epoll-debuginfo-4.1.72-1.Final_redhat_00001.1.el8eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-42392 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/cve/CVE-2022-0853 https://access.redhat.com/security/cve/CVE-2022-0866 https://access.redhat.com/security/cve/CVE-2022-1319 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21363 https://access.redhat.com/security/cve/CVE-2022-23221 https://access.redhat.com/security/cve/CVE-2022-23437 https://access.redhat.com/security/cve/CVE-2022-23913 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYp5p/9zjgjWX9erEAQhL+g/+JKQHaiLkO+ltEKRh+4gMrTSp6RHQ7abn 2sNL4RWYPNRMVkzxxssvhNORYq9zEpwygmoNbsWDgPAJfoHR4QJingjL2fTn8Q7+ T3Iw/kw3OH9wAnWhBl1uppLzYbLqppjC6Z3/BdU6uqMjly+wQyoIgEm2eHMgAMnQ SteQlaYDrVuu9+8b57EcKVGVyg6x7W/DDX0hWCxNh7zFx8kX+kOdM4JBARMVTz8c JfXxaNbP5cr2pWxXyCOSPgLku9P7wV5zZ1Mi2bS9m+wWndhlmnGDRE7EBJZltKz4 NudGSOpabgN7g0WMLZLRQg6ioCsaawucV7UZqk6Sxf0ur7WCif8z2Y5NR8gD+usI ed5HVhMjF8Uj1+hzvJttTeoRZ9sVigQ3SeOxnQhK3G+n/d5jk7TCe8EdlW/MHq/G EDud/taB/GO7imnhdHLEyA+P4BVhqpbw47AvyQq0cRgYfDGwK09Z7HkxzWxz7zbk vP1eKJ6Wc8B94WBMIB50eObTVoT98VBzQ5gUTrfcwIjTDCWMqkT6HyOWfQGCPF/j 4TWRrA3/n4ZkVrk/K5N1BLT07XuCV+dF/JfjHzG7piA0fU5gyOyn3GlU3cKHPBT7 1OALl1P0Bs1lFIaVxyxWyU0IcLTD0ndvoed5N+j5wrMgn8QaIpFk9ByfJrw8KIJX TdWh+RTMxwU=Q04c -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/): LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. The purpose of this text-only errata is to inform you about the security issues fixed. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Security Fix(es): * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 5. Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. JIRA issues fixed (https://issues.jboss.org/): ENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state ENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0 6

Trust: 2.43

sources: NVD: CVE-2021-37137 // JVNDB: JVNDB-2021-013841 // VULHUB: VHN-398973 // PACKETSTORM: 167424 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 166408 // PACKETSTORM: 174675 // PACKETSTORM: 166093 // PACKETSTORM: 164936 // PACKETSTORM: 172453

AFFECTED PRODUCTS

vendor:nettymodel:nettyscope:ltversion:4.1.68

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:19.2

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:communications brm - elastic charging enginescope:eqversion:12.0.0.5.0

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:21.1

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:18.1

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:20.1

Trust: 1.0

vendor:quarkusmodel:quarkusscope:ltversion:2.2.4

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:banking apisscope:gteversion:18.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:21.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:20.1

Trust: 1.0

vendor:oraclemodel:banking apisscope:lteversion:18.3

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:18.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.0.2

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:communications brm - elastic charging enginescope:ltversion:12.0.0.4.6

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:19.2

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:1.10.0

Trust: 1.0

vendor:oraclemodel:commerce guided searchscope:eqversion:11.3.2

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:18.3

Trust: 1.0

vendor:オラクルmodel:oracle communications cloud native core binding support functionscope: - version: -

Trust: 0.8

vendor:netappmodel:oncommand insightscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking apisscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle commerce guided searchscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking digital experiencescope: - version: -

Trust: 0.8

vendor:the nettymodel:nettyscope: - version: -

Trust: 0.8

vendor:オラクルmodel:peoplesoft enterprise peopletoolsscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications diameter signaling routerscope: - version: -

Trust: 0.8

vendor:quarkusmodel:quarkusscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013841 // NVD: CVE-2021-37137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37137
value: HIGH

Trust: 1.0

NVD: CVE-2021-37137
value: HIGH

Trust: 0.8

VULHUB: VHN-398973
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37137
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398973
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37137
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37137
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398973 // JVNDB: JVNDB-2021-013841 // NVD: CVE-2021-37137

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:Resource exhaustion (CWE-400) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398973 // JVNDB: JVNDB-2021-013841 // NVD: CVE-2021-37137

TYPE

code execution

Trust: 0.3

sources: PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 166093

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-398973

PATCH

title:Oracle Critical Patch Update Advisory - April 2022 Oracle Critical Patch Updateurl:https://security.netapp.com/advisory/ntap-20220210-0012/

Trust: 0.8

sources: JVNDB: JVNDB-2021-013841

EXTERNAL IDS

db:NVDid:CVE-2021-37137

Trust: 3.5

db:JVNDBid:JVNDB-2021-013841

Trust: 0.8

db:PACKETSTORMid:166408

Trust: 0.2

db:PACKETSTORMid:164936

Trust: 0.2

db:PACKETSTORMid:167424

Trust: 0.2

db:PACKETSTORMid:170498

Trust: 0.1

db:PACKETSTORMid:169918

Trust: 0.1

db:PACKETSTORMid:167122

Trust: 0.1

db:PACKETSTORMid:167142

Trust: 0.1

db:PACKETSTORMid:168657

Trust: 0.1

db:PACKETSTORMid:165564

Trust: 0.1

db:PACKETSTORMid:165980

Trust: 0.1

db:PACKETSTORMid:167140

Trust: 0.1

db:PACKETSTORMid:165105

Trust: 0.1

db:PACKETSTORMid:167423

Trust: 0.1

db:PACKETSTORMid:167964

Trust: 0.1

db:PACKETSTORMid:167422

Trust: 0.1

db:VULHUBid:VHN-398973

Trust: 0.1

db:PACKETSTORMid:165286

Trust: 0.1

db:PACKETSTORMid:165287

Trust: 0.1

db:PACKETSTORMid:174675

Trust: 0.1

db:PACKETSTORMid:166093

Trust: 0.1

db:PACKETSTORMid:172453

Trust: 0.1

sources: VULHUB: VHN-398973 // PACKETSTORM: 167424 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 166408 // PACKETSTORM: 174675 // PACKETSTORM: 166093 // PACKETSTORM: 164936 // PACKETSTORM: 172453 // JVNDB: JVNDB-2021-013841 // NVD: CVE-2021-37137

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 1.4

url:https://security.netapp.com/advisory/ntap-20220210-0012/

Trust: 1.1

url:https://www.debian.org/security/2023/dsa-5316

Trust: 1.1

url:https://github.com/netty/netty/security/advisories/ghsa-9vjp-v76f-g363

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html

Trust: 1.1

url:https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3cdev.tinkerpop.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://issues.jboss.org/):

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42392

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-42392

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.2

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35522

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35523

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-17541

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36330

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35521

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-28170

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4178

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28170

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41269

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41269

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-36944

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-36944

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24823

Trust: 0.2

url:https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3cdev.tinkerpop.apache.org%3e

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23437

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0866

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4919

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0853

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23437

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0853

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36331

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5127

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15522

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8908

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26291

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8908

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30129

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version=2022-q2

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-34455

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34455

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-3635

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2976

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-26048

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34454

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:5165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0482

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.5

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-34454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-26048

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-34453

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-33201

Trust: 0.1

url:https://issues.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-33201

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-26049

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-26049

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=2.5.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-34462

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34453

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37714

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.2/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37714

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=redhat.quarkus&downloadtype=distributions&version=2.2.5

Trust: 0.1

url:https://access.redhat.com/articles/4966181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0589

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=catrhoar.eclipse.vertx&version=4.1.5

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3959

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46877

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=2.4.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42003

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3223

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46877

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0833

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0833

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0341

Trust: 0.1

sources: VULHUB: VHN-398973 // PACKETSTORM: 167424 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 166408 // PACKETSTORM: 174675 // PACKETSTORM: 166093 // PACKETSTORM: 164936 // PACKETSTORM: 172453 // JVNDB: JVNDB-2021-013841 // NVD: CVE-2021-37137

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 167424 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 166408 // PACKETSTORM: 174675 // PACKETSTORM: 166093 // PACKETSTORM: 164936 // PACKETSTORM: 172453

SOURCES

db:VULHUBid:VHN-398973
db:PACKETSTORMid:167424
db:PACKETSTORMid:165286
db:PACKETSTORMid:165287
db:PACKETSTORMid:166408
db:PACKETSTORMid:174675
db:PACKETSTORMid:166093
db:PACKETSTORMid:164936
db:PACKETSTORMid:172453
db:JVNDBid:JVNDB-2021-013841
db:NVDid:CVE-2021-37137

LAST UPDATE DATE

2026-07-11T22:51:12.468000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398973date:2023-02-24T00:00:00
db:JVNDBid:JVNDB-2021-013841date:2022-09-28T08:33:00
db:NVDid:CVE-2021-37137date:2026-06-17T04:00:07.847

SOURCES RELEASE DATE

db:VULHUBid:VHN-398973date:2021-10-19T00:00:00
db:PACKETSTORMid:167424date:2022-06-07T15:15:05
db:PACKETSTORMid:165286date:2021-12-15T15:20:33
db:PACKETSTORMid:165287date:2021-12-15T15:20:43
db:PACKETSTORMid:166408date:2022-03-23T15:52:53
db:PACKETSTORMid:174675date:2023-09-15T13:53:16
db:PACKETSTORMid:166093date:2022-02-22T16:52:49
db:PACKETSTORMid:164936date:2021-11-11T14:58:33
db:PACKETSTORMid:172453date:2023-05-18T13:50:51
db:JVNDBid:JVNDB-2021-013841date:2022-09-28T00:00:00
db:NVDid:CVE-2021-37137date:2021-10-19T15:15:07.757