VARIoT IoT vulnerabilities database
| VAR-202003-1790 | No CVE | Yonghong FD200 has a memory corruption vulnerability (CNVD-2020-10234) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Taiwan Yonghong Motor focuses on the high-function small and medium-sized and micro PLC market.
Yonghong FD200 has a memory corruption vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202003-1794 | No CVE | Yonghong FD200 has a memory corruption vulnerability (CNVD-2020-10235) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Taiwan Yonghong Motor focuses on the high-function small and medium-sized and micro PLC market.
Yonghong FD200 has a memory corruption vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202003-1796 | No CVE | Yonghong FD300 has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Taiwan Yonghong Motor focuses on the high-function small and medium-sized and micro PLC market.
Yonghong FD300 has a memory corruption vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202003-1793 | No CVE | Yonghong FD100 has a memory corruption vulnerability (CNVD-2020-10236) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Taiwan Yonghong Motor focuses on the high-function small and medium-sized and micro PLC market.
Yonghong FD100 has a memory corruption vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202003-1792 | No CVE | Yonghong FD100 has a memory corruption vulnerability (CNVD-2020-10237) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Taiwan Yonghong Motor focuses on the high-function small and medium-sized and micro PLC market.
Yonghong FD100 has a memory corruption vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202003-0129 | CVE-2020-10670 | Canon Oce Colorwave 500 Cross-site scripting vulnerabilities in printers |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version. Canon Oce Colorwave 500 A cross-site scripting vulnerability exists in the printer.Information may be obtained and tampered with. Canon Oce Colorwave 500 is a printer from Canon, Japan. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. # Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
# Exploit Author: Giuseppe Calì, Marco Ortisi
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://www.canon.com
# Software Link:
https://lfpp.csa.canon.com/tss/tss_product_detail.jsp?PRODUCT%3C%3Eprd_id=845524441910378&SKU%3C%3Esku_id=1689949372031068&FOLDER%3C%3Efolder_id=2534374302162637&bmUID=mpYkKHM
# Version: 4.0.0.0
# CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671
We have recently registered five CVE(s) affecting the Oce Colorwave 500
printer.
CVE-2020-10669 is an authentication bypass allowing an attacker to
access
documents that have been uploaded to the printer. As the documents
remain stored
in the system even after they have been printed (depending on the
printer's
configuration), a malicious insider may be able to access documents
printed in
the past.
CVE-2020-10667 is a Stored XSS on the
“/TemplateManager/indexExternalLocation.jsp”
page.
CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages “/home.jsp”
and
“/SettingsEditor/settingDialogContent.jsp”.
Finally CVE-10671 is a system-wide CSRF due to the absence of any form
of nonce
or countermeasure protecting against Cross Site Request Forgery.
More details and full story here:
https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/
| VAR-202003-0126 | CVE-2020-10667 | Canon Oce Colorwave 500 Cross-site scripting vulnerabilities in printers |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version. Canon Oce Colorwave 500 is a printer from Canon, Japan. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. # Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
# Exploit Author: Giuseppe Calì, Marco Ortisi
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://www.canon.com
# Software Link:
https://lfpp.csa.canon.com/tss/tss_product_detail.jsp?PRODUCT%3C%3Eprd_id=845524441910378&SKU%3C%3Esku_id=1689949372031068&FOLDER%3C%3Efolder_id=2534374302162637&bmUID=mpYkKHM
# Version: 4.0.0.0
# CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671
We have recently registered five CVE(s) affecting the Oce Colorwave 500
printer.
CVE-2020-10669 is an authentication bypass allowing an attacker to
access
documents that have been uploaded to the printer. As the documents
remain stored
in the system even after they have been printed (depending on the
printer's
configuration), a malicious insider may be able to access documents
printed in
the past.
CVE-2020-10667 is a Stored XSS on the
“/TemplateManager/indexExternalLocation.jsp”
page.
CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages “/home.jsp”
and
“/SettingsEditor/settingDialogContent.jsp”.
Finally CVE-10671 is a system-wide CSRF due to the absence of any form
of nonce
or countermeasure protecting against Cross Site Request Forgery.
More details and full story here:
https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/
| VAR-202003-0190 | CVE-2020-10671 | Canon Oce Colorwave 500 Cross-site request forgery vulnerability in printers |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version. Canon Oce Colorwave 500 A cross-site request forgery vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Canon Oce Colorwave 500 is a printer from Canon, Japan. The vulnerability stems from the program's lack of any form of cross-site request forgery protection. Attackers can use this vulnerability to perform management operations. # Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
# Exploit Author: Giuseppe Calì, Marco Ortisi
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://www.canon.com
# Software Link:
https://lfpp.csa.canon.com/tss/tss_product_detail.jsp?PRODUCT%3C%3Eprd_id=845524441910378&SKU%3C%3Esku_id=1689949372031068&FOLDER%3C%3Efolder_id=2534374302162637&bmUID=mpYkKHM
# Version: 4.0.0.0
# CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671
We have recently registered five CVE(s) affecting the Oce Colorwave 500
printer.
CVE-2020-10669 is an authentication bypass allowing an attacker to
access
documents that have been uploaded to the printer. As the documents
remain stored
in the system even after they have been printed (depending on the
printer's
configuration), a malicious insider may be able to access documents
printed in
the past.
CVE-2020-10667 is a Stored XSS on the
“/TemplateManager/indexExternalLocation.jsp”
page.
CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages “/home.jsp”
and
“/SettingsEditor/settingDialogContent.jsp”.
More details and full story here:
https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/
| VAR-202003-0127 | CVE-2020-10668 | Canon Oce Colorwave 500 Cross-site scripting vulnerabilities in printers |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version. Canon Oce Colorwave 500 is a printer from Canon, Japan. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. # Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
# Exploit Author: Giuseppe Calì, Marco Ortisi
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://www.canon.com
# Software Link:
https://lfpp.csa.canon.com/tss/tss_product_detail.jsp?PRODUCT%3C%3Eprd_id=845524441910378&SKU%3C%3Esku_id=1689949372031068&FOLDER%3C%3Efolder_id=2534374302162637&bmUID=mpYkKHM
# Version: 4.0.0.0
# CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671
We have recently registered five CVE(s) affecting the Oce Colorwave 500
printer.
CVE-2020-10669 is an authentication bypass allowing an attacker to
access
documents that have been uploaded to the printer. As the documents
remain stored
in the system even after they have been printed (depending on the
printer's
configuration), a malicious insider may be able to access documents
printed in
the past.
CVE-2020-10667 is a Stored XSS on the
“/TemplateManager/indexExternalLocation.jsp”
page.
CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages “/home.jsp”
and
“/SettingsEditor/settingDialogContent.jsp”.
Finally CVE-10671 is a system-wide CSRF due to the absence of any form
of nonce
or countermeasure protecting against Cross Site Request Forgery.
More details and full story here:
https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/
| VAR-202003-0128 | CVE-2020-10669 | Canon Oce Colorwave Authentication vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version. # Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
# Exploit Author: Giuseppe Calì, Marco Ortisi
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://www.canon.com
# Software Link:
https://lfpp.csa.canon.com/tss/tss_product_detail.jsp?PRODUCT%3C%3Eprd_id=845524441910378&SKU%3C%3Esku_id=1689949372031068&FOLDER%3C%3Efolder_id=2534374302162637&bmUID=mpYkKHM
# Version: 4.0.0.0
# CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671
We have recently registered five CVE(s) affecting the Oce Colorwave 500
printer. As the documents
remain stored
in the system even after they have been printed (depending on the
printer's
configuration), a malicious insider may be able to access documents
printed in
the past.
CVE-2020-10667 is a Stored XSS on the
“/TemplateManager/indexExternalLocation.jsp”
page.
CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages “/home.jsp”
and
“/SettingsEditor/settingDialogContent.jsp”.
Finally CVE-10671 is a system-wide CSRF due to the absence of any form
of nonce
or countermeasure protecting against Cross Site Request Forgery.
More details and full story here:
https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/
| VAR-202003-0625 | CVE-2019-15655 | D-Link DSL-2875AL Inadequate protection of credentials on devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext. D-Link DSL-2875AL Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. D-Link DSL-2875AL is a wireless router from D-Link, Taiwan.
D-Link DSL-2875AL has a security vulnerability before 1.00.05
| VAR-202003-0623 | CVE-2019-15653 | Comba AP2600-I Inadequate protection of credentials on devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). Comba AP2600-I Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Comba Telecom AP2600-I is a wireless access point device from India's Comba Telecom.
Comba Telecom AP2600-I devices A02,0202N00PD2 and previous versions have security vulnerabilities that remote attackers can use to make special requests to exploit the vulnerability to obtain sensitive information
| VAR-202003-1275 | CVE-2018-20333 | ASUSWRT information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. ASUSWRT There is an information leakage vulnerability in.Information may be obtained. ASUSWRT is a firmware that runs in its router from Taiwan's ASUS Corporation (ASUS).
ASUSWRT 3.0.0.4.384.20308 has a security hole
| VAR-202003-0626 | CVE-2019-15656 | D-Link DSL-2875AL and DSL-2877AL Vulnerability in plaintext storage of critical information on devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. D-Link DSL-2875AL and DSL-2877AL A device contains a vulnerability in the plaintext storage of important information.Information may be obtained. D-Link DSL-2875AL is a wireless router from D-Link, Taiwan.
D-Link DSL-2875AL has a security vulnerability before 1.00.05
| VAR-202003-0624 | CVE-2019-15654 | Comba AP2600-I Inadequate protection of credentials on devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext. Comba AP2600-I Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Comba Telecom AP2600-I is a wireless access point device from India's Comba Telecom.
The upcfgAction.php file in Comba Telecom AP2600-I devices A02,0202N00PD2 and previous versions has a security vulnerability, and remote attackers can use the special request to use the vulnerability to obtain sensitive information
| VAR-202003-1276 | CVE-2018-20334 | ASUSWRT In OS Command injection vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. ASUSWRT To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ASUSWRT is a firmware that runs in its router from Taiwan's ASUS Corporation (ASUS).
ASUS ASUSWRT 3.0.0.4.384.20308 has a command injection vulnerability. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands
| VAR-202003-1277 | CVE-2018-20335 | ASUSWRT Input verification vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. ASUSWRT There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. ASUSWRT is a firmware that runs in its router from Taiwan's ASUS Corporation (ASUS).
ASUSWRT 3.0.0.4.384.20308 has a security hole. An attacker can use this vulnerability to cause a denial of service with the help of /APP_Installation.asp?= URI
| VAR-202003-1778 | CVE-2020-10673 | FasterXML jackson-databind Vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML jackson-databind Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:
Red Hat Process Automation Manager is an open source business process
management suite that combines process management and decision service
management and enables business and IT users to create, manage, validate,
and deploy process applications and decision services.
The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Data Grid 7.3.7 security update
Advisory ID: RHSA-2020:3779-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3779
Issue date: 2020-09-17
CVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695
CVE-2020-1710 CVE-2020-1719 CVE-2020-1745
CVE-2020-1748 CVE-2020-1757 CVE-2020-8840
CVE-2020-9488 CVE-2020-9546 CVE-2020-9547
CVE-2020-9548 CVE-2020-10672 CVE-2020-10673
CVE-2020-10714 CVE-2020-10968 CVE-2020-10969
CVE-2020-11111 CVE-2020-11112 CVE-2020-11113
CVE-2020-11612 CVE-2020-11619 CVE-2020-11620
====================================================================
1. Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the
Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat
Data Grid 7.3.6 and includes bug fixes and enhancements, which are
described in the Release Notes, linked to in the References section of this
erratum.
Security Fix(es):
* jetty: Incorrect header handling (CVE-2017-7658)
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* undertow: servletPath is normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking
(CVE-2020-8840)
* jackson-databind: Serialization gadgets in shaded-hikari-config
(CVE-2020-9546)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command execution
(CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command execution
(CVE-2020-10673)
* jackson-databind: Serialization gadgets in
org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
* jackson-databind: Serialization gadgets in javax.swing.JEditorPane
(CVE-2020-10969)
* jackson-databind: Serialization gadgets in
org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
* jackson-databind: Serialization gadgets in
org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
* jackson-databind: Serialization gadgets in
org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* jackson-databind: Serialization gadgets in org.springframework:spring-aop
(CVE-2020-11619)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
(CVE-2020-11620)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* Wildfly: EJBContext principal is not popped back after invoking another
EJB using a different Security Domain (CVE-2020-1719)
* Wildfly: Improper authorization issue in WildFlySecurityManager when
using alternative protection domain (CVE-2020-1748)
* wildfly-elytron: session fixation when using FORM authentication
(CVE-2020-10714)
* netty: compression/decompression codecs don't enforce limits on buffer
allocation sizes (CVE-2020-11612)
* log4j: improper validation of certificate with host mismatch in SMTP
appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
To install this update, do the following:
1. Download the Data Grid 7.3.7 server patch from the customer portal. See
the download link in the References section.
2. Back up your existing Data Grid installation. You should back up
databases, configuration files, and so on.
3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes
for patching instructions.
4. Restart Data Grid to ensure the changes take effect.
4. Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling
1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
5. References:
https://access.redhat.com/security/cve/CVE-2017-7658
https://access.redhat.com/security/cve/CVE-2019-10172
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1710
https://access.redhat.com/security/cve/CVE-2020-1719
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2020-1748
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10672
https://access.redhat.com/security/cve/CVE-2020-10673
https://access.redhat.com/security/cve/CVE-2020-10714
https://access.redhat.com/security/cve/CVE-2020-10968
https://access.redhat.com/security/cve/CVE-2020-10969
https://access.redhat.com/security/cve/CVE-2020-11111
https://access.redhat.com/security/cve/CVE-2020-11112
https://access.redhat.com/security/cve/CVE-2020-11113
https://access.redhat.com/security/cve/CVE-2020-11612
https://access.redhat.com/security/cve/CVE-2020-11619
https://access.redhat.com/security/cve/CVE-2020-11620
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn
NVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8
5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A
qaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm
GisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn
aCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G
DvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7
MB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9
Pf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j
wzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq
P2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb
PyKX8lLP6w8=n+2X
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release.
Security Fix(es):
* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)
* dom4j (CVE-2018-1000632)
* elasticsearch (CVE-2018-3831)
* pdfbox (CVE-2018-11797)
* vertx (CVE-2018-12541)
* spring-data-jpa (CVE-2019-3797)
* mina-core (CVE-2019-0231)
* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540
CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943
CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840
CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969
CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619
CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)
* jackson-mapper-asl (CVE-2019-10172)
* hawtio (CVE-2019-9827)
* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)
* santuario (CVE-2019-12400)
* apache-commons-beanutils (CVE-2019-10086)
* cxf (CVE-2019-17573)
* apache-commons-configuration (CVE-2020-1953)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Installation instructions are available from the Fuse 7.7.0 product
documentation page:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
4. Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API
1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service
1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake
1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries
1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.
For details about how to apply this update, which includes the changes
described in this advisory, see:
https://access.redhat.com/articles/11258
5. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18366 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16
JBEAP-18667 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.20.Final-redhat-00001 to 1.0.21.Final-redhat-00001
JBEAP-18849 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP8 to 3.6.1.SP9
JBEAP-18880 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00009 to 2.3.5.SP4-redhat-00001
JBEAP-18906 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00003 to 3.0.7.Final-redhat-00001
JBEAP-18919 - [GSS](7.2.z) Upgrade HAL from 3.0.21.Final to 3.0.22.Final
JBEAP-18965 - (7.2.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.21.Final
JBEAP-19038 - Tracker bug for the EAP 7.2.9 release for RHEL-6
JBEAP-19058 - [GSS] (7.2.z) Upgrade Undertow from 2.0.30.SP1-redhat-00001 to 2.0.30.SP2-redhat-00001
JBEAP-19120 - [GSS](7.2.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001
JBEAP-19163 - [GSS](7.2.z) Upgrade Infinispan from 9.3.8.Final-redhat-00001 to 9.3.9.Final-redhat-00001
JBEAP-19255 - (7.2.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final
JBEAP-19271 - (7.2.z) Upgrade WildFly Core from 6.0.27.Final-redhat-00001 to 6.0.28.Final-redhat-00001
JBEAP-19315 - [GSS](7.2.z) Upgrade XNIO from 3.7.6.SP2 to 3.7.6.SP3
JBEAP-19463 - (7.2.z) Upgrade wildfly-transaction-client from 1.1.10.Final-redhat-00001 to 1.1.11.Final-redhat-00001
JBEAP-19565 - (7.2.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001
JBEAP-19587 - [GSS](7.2.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.6.Final-redhat-00001
JBEAP-19620 - (7.2.z) Upgrade JBoss JSF API from 2.3.5.SP2-redhat-00003 to 2.3.5.SP2-redhat-00005
JBEAP-19624 - (7.2.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001
JBEAP-19703 - [GSS](7.2.z) Upgrade JBoss Modules from 1.8.9 to 1.8.10
JBEAP-19704 - (7.2.z) Upgrade WildFly Core from 6.0.28.Final-redhat-00001 to 6.0.29.Final-redhat-00001
JBEAP-19798 - [GSS](7.2.z) Upgrade HAL from 3.0.22.Final to 3.0.23.Final
JBEAP-19837 - (7.2.z) Upgrade WildFly Core from 6.0.29.Final-redhat-00001 to 6.0.30.Final-redhat-00001
JBEAP-19875 - [GSS](7.2.z) Upgrade wildfly-http-ejb-client from 1.0.21.Final to 1.0.22.Final
7. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. Summary:
This is a security update for JBoss EAP Continuous Delivery 20. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications
| VAR-202003-1779 | CVE-2020-10672 | Red Hat Security Advisory 2020-3196-01 |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization by org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms) . A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:
Red Hat Decision Manager is an open source decision management platform
that combines business rules management, complex event processing, Decision
Model & Notation (DMN) execution, and Business Optimizer for solving
planning problems. It automates business decisions and makes that logic
available to the entire business.
Security Fix(es):
* apache-commons-beanutils: does not suppresses the class property in
PropertyUtilsBean by default (CVE-2019-10086)
* cxf: does not restrict the number of message attachments (CVE-2019-12406)
* cxf: OpenId Connect token service does not properly validate the clientId
(CVE-2019-12419)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* HTTP/2: flood using PING frames results in unbounded memory growth
(CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth
(CVE-2019-9514)
* HTTP/2: flood using SETTINGS frames results in unbounded memory growth
(CVE-2019-9515)
* HTTP/2: large amount of data requests leads to denial of service
(CVE-2019-9511)
* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,
CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,
CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,
CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,
CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,
CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)
* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command
execution (CVE-2020-10672, CVE-2020-10673)
* keycloak: adapter endpoints are exposed via arbitrary URLs
(CVE-2019-14820)
* keycloak: missing signatures validation on CRL used to verify client
certificates (CVE-2019-3875)
* keycloak: SAML broker does not check existence of signature on document
allowing any user impersonation (CVE-2019-10201)
* keycloak: CSRF check missing in My Resources functionality in the Account
Console (CVE-2019-10199)
* keycloak: cross-realm user access auth bypass (CVE-2019-14832)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace
mishandling (CVE-2020-7238)
* SmallRye: SecuritySupport class is incorrectly public and contains a
static method to access the current threads context class loader
(CVE-2020-1729)
* thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)
* thrift: Endless loop when feed with specific input data (CVE-2019-0205)
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server
listening on HTTPS (CVE-2019-14888)
* wildfly: The 'enabled-protocols' value in legacy security is not
respected if OpenSSL security provider is in use (CVE-2019-14887)
* wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and
'Deployer' user by default (CVE-2019-14838)
* xml-security: Apache Santuario potentially loads XML parsing code from an
untrusted source (CVE-2019-12400)
For more details about the security issues and their impact, the CVSS
score, acknowledgements, and other related information, see the CVE pages
listed in the References section. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Advisory ID: RHSA-2020:3462-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3462
Issue date: 2020-08-17
CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748
CVE-2020-10672 CVE-2020-10673 CVE-2020-10683
CVE-2020-10687 CVE-2020-10693 CVE-2020-10714
CVE-2020-10718 CVE-2020-10740 CVE-2020-14297
====================================================================
1. Summary:
An update is now available for Red Hat JBoss Enterprise Application
Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch
3. Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1,
and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise
Application Platform 7.3.2 Release Notes for information about the most
significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
(CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser
(CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication
(CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to
permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command execution
(CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM
(CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
(CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command execution
(CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230
(CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of
constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when
using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial
of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.
4. Solution:
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests
1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
6. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17
JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21
JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final
JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final
JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m
JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x
JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final
JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1
JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001
JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001
JBEAP-19410 - Tracker bug for the EAP 7.3.2 release for RHEL-7
JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints.
JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001
JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6
JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001
JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001
JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final
JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final
JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001
7. Package List:
Red Hat JBoss EAP 7.3 for RHEL 7 Server:
Source:
eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.src.rpm
eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.src.rpm
eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.src.rpm
eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.src.rpm
eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.src.rpm
eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.src.rpm
eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.src.rpm
eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.src.rpm
eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el7eap.src.rpm
noarch:
eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.noarch.rpm
eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm
eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk11-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk8-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2019-14900
https://access.redhat.com/security/cve/CVE-2020-1710
https://access.redhat.com/security/cve/CVE-2020-1748
https://access.redhat.com/security/cve/CVE-2020-10672
https://access.redhat.com/security/cve/CVE-2020-10673
https://access.redhat.com/security/cve/CVE-2020-10683
https://access.redhat.com/security/cve/CVE-2020-10687
https://access.redhat.com/security/cve/CVE-2020-10693
https://access.redhat.com/security/cve/CVE-2020-10714
https://access.redhat.com/security/cve/CVE-2020-10718
https://access.redhat.com/security/cve/CVE-2020-10740
https://access.redhat.com/security/cve/CVE-2020-14297
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
9. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXzqIZtzjgjWX9erEAQgbmw/9EMmKKCCwal4bB6c8JuVi9V1qwN8+GJA4
BT8rEG7nDCffXvCdGzhPj1JofUlvVLcMX6T7DhC7DJ3acsCFoMvpVvranRkhnXkj
9sIZxPYy2ZFRIXWt8tUvVYeYZdKJ+dKsHRzzCetQr0vd9L9gWuGUZcroS+PTdkCn
2Us87nq0bPNqMAX4q5iqs/+yM7WrcmL8bJELEFU+QwZQOtqKpnOiCUVwUnPxHuAB
gTk5DLAdJaj/FFmQH0l2Qc0brTXRvcjFLhme3ygQcfiOB0bh4KO+ykhOS+lznCIB
a33P5m0/eXkdjMuT9PxxllMpE3cygCrN0caFwm5F/rJVUczc6MNBCWQ2605xiiNt
xQOh429J3J9S+Ew+hwBsaWRwKgibItBI3aa/AiUHHPnwj5Q33hj3+2/53k7QuN/0
59JqQ1hOz7x857G2HaAPiCWu3QDhHqfdhewrLpCEnrO0HhLiPoHou8tuD8UnITws
OfWtjSw0bwBnhb3OsmGlQxHtIDfY+TpJKQ6YPukUmc0KiRfC695HNgk91b4u5M5O
42Oo9g4g4rxVezCI1+WaN1KRA1J7yUTmvAFuz/1QervXpvw1xGbILLqlJI7maNnX
bN4s3UgKVYLg/hlGiOMvLVTAuHY8OIyiijNoAcHXZv63+AGWQTRUihyIpl8KcFIr
V2uaf/+66c0=doZv
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
The References section of this erratum contains a download link (you must
log in to download the update).
The JBoss server process must be restarted for the update to take effect
| VAR-202003-1349 | CVE-2020-4205 | IBM DataPower Gateway Authentication vulnerabilities in |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. IBM X-Force ID: 174961. IBM DataPower Gateway There is an authentication vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 174961 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform