VARIoT IoT vulnerabilities database
| VAR-202104-1938 | CVE-2021-27470 | Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre (LogService.rem deserialization) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. The .rem suffix is the conventional URL extension for .NET Remoting endpoints hosted in IIS, which is why the remoting and deserialization findings in this set cluster together.
The JVN advisory covers the following vulnerabilities in FactoryTalk AssetCentre, provided by Rockwell Automation:
* Deserialization of untrusted data (CWE-502): CVE-2021-27470, CVE-2021-27466, CVE-2021-27462, CVE-2021-27460
* Use of a potentially dangerous function (CWE-676): CVE-2021-27474
* OS command injection (CWE-78): CVE-2021-27476
* SQL injection (CWE-89): CVE-2021-27472, CVE-2021-27468, CVE-2021-27464
The expected impact depends on the vulnerability:
* Arbitrary command execution by an unauthenticated remote attacker: CVE-2021-27476, CVE-2021-27470, CVE-2021-27466, CVE-2021-27462
* Modification of sensitive FactoryTalk AssetCentre data by an unauthenticated remote attacker: CVE-2021-27474
* Execution of arbitrary SQL statements by an unauthenticated remote attacker: CVE-2021-27472, CVE-2021-27468, CVE-2021-27464
* Access to the FactoryTalk AssetCentre main server and all agent machines by an unauthenticated remote attacker: CVE-2021-27460
Rockwell Automation FactoryTalk AssetCentre is an asset management tool used by manufacturers and industrial enterprises to centrally manage controllers and other automation-related assets; it provides centralized tools for securing, managing, versioning, tracking and reporting automation-related asset information across the plant. For this CVE, the weakness is in how LogService.rem verifies serialized data, and a remote, unauthenticated attacker can use it to execute arbitrary commands on the AssetCentre server.
| VAR-202104-1942 | CVE-2021-27476 | Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre (RACompare SaveConfigFile OS command injection) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability exists in the SaveConfigFile function of the RACompare service, which may allow OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier. JVN classifies it as OS command injection (CWE-78), with the impact of arbitrary command execution by an unauthenticated remote attacker; it is one of the FactoryTalk AssetCentre issues covered by the JVN advisory summarized under CVE-2021-27470 above. Rockwell Automation FactoryTalk AssetCentre is an asset management tool used by manufacturers and industrial enterprises to centrally manage controllers and other automation-related assets.
| VAR-202104-1943 | CVE-2021-27474 | Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre (unrestricted IIS remoting functions) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre. JVN classifies it as use of a potentially dangerous function (CWE-676), with the impact that an unauthenticated remote attacker can modify sensitive FactoryTalk AssetCentre data; it is one of the FactoryTalk AssetCentre issues covered by the JVN advisory summarized under CVE-2021-27470 above. Rockwell Automation FactoryTalk AssetCentre is an asset management tool used by manufacturers and industrial enterprises to centrally manage controllers and other automation-related assets; it provides centralized tools for securing, managing, versioning, tracking and reporting automation-related asset information across the plant.
| VAR-202104-1937 | CVE-2021-27462 | Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre (AosService.rem deserialization) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. JVN classifies it as deserialization of untrusted data (CWE-502), with the impact of arbitrary command execution by an unauthenticated remote attacker; it is one of the FactoryTalk AssetCentre issues covered by the JVN advisory summarized under CVE-2021-27470 above. Rockwell Automation FactoryTalk AssetCentre is an asset management tool used by manufacturers and industrial enterprises to centrally manage controllers and other automation-related assets.
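The two .rem entries above (CVE-2021-27470 for LogService.rem and this one for AosService.rem) share one root cause: the service hands attacker-supplied bytes to a deserializer that builds objects, and any "verification" happens after the fact. The following is an added example and is not FactoryTalk AssetCentre code. It uses Python's pickle as a stand-in for the .NET serializer behind the .rem endpoints (an assumption made for the analogy, not a claim about the product's implementation) to show why a post-hoc type check is too late and how an allow-listing unpickler refuses unknown types before any object is built. The gadget's side effect, setting the DEMO_PWNED environment variable, is a harmless marker chosen for the demo.

```python
import io
import os
import pickle


# Constructed gadget: pickle's REDUCE opcode makes the loader call any importable
# callable with attacker-chosen arguments. The exec string below is a harmless
# marker (assumption: a real payload would spawn a process or write files).
class Gadget:
    def __reduce__(self):
        return (exec, ("import os; os.environ['DEMO_PWNED'] = '1'",))


PAYLOAD = pickle.dumps(Gadget())                                 # attacker bytes
LEGIT = pickle.dumps({"level": "INFO", "msg": "agent started"})  # honest record


def naive_load(data: bytes) -> dict:
    """'Verify after deserializing': the type check runs only after the loader
    has already executed whatever the stream asked for."""
    obj = pickle.loads(data)
    if not isinstance(obj, dict):
        raise ValueError("unexpected record type")
    return obj


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global (class or function) not on the allow-list,
    so REDUCE can never reach exec, os.system, subprocess and friends."""
    ALLOWED = set()  # plain dict/list/str/int records need no globals at all

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def restricted_load(data: bytes) -> dict:
    obj = RestrictedUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, dict):
        raise ValueError("unexpected record type")
    return obj


def code_ran() -> bool:
    """Reads and clears the marker the gadget sets."""
    return os.environ.pop("DEMO_PWNED", None) == "1"


def demo() -> dict:
    out = {"legit_naive": naive_load(LEGIT),
           "legit_restricted": restricted_load(LEGIT)}
    try:
        naive_load(PAYLOAD)
    except ValueError:
        out["naive_rejected"] = True
    out["naive_code_ran"] = code_ran()        # True: damage done before the check
    try:
        restricted_load(PAYLOAD)
    except pickle.UnpicklingError:
        out["restricted_rejected"] = True
    out["restricted_code_ran"] = code_ran()   # False: callable never resolved
    return out


if __name__ == "__main__":
    print(demo())
```

The naive loader does reject the payload, but only after exec has run; the restricted loader fails at find_class, before any attacker-chosen callable exists. The same ordering applies to .NET: a type filter must act inside the formatter's type-resolution step, not on the object graph it returns.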
| VAR-202104-1945 | CVE-2021-27468 | Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre (AosService.rem unauthenticated SQL execution) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. JVN classifies it as SQL injection (CWE-89), with the impact of arbitrary SQL statement execution by an unauthenticated remote attacker; it is one of the FactoryTalk AssetCentre issues covered by the JVN advisory summarized under CVE-2021-27470 above. Rockwell Automation FactoryTalk AssetCentre is an asset management tool used by manufacturers and industrial enterprises to centrally manage controllers and other automation-related assets; it provides centralized tools for securing, managing, versioning, tracking and reporting automation-related asset information across the plant.
| VAR-202104-1944 | CVE-2021-27472 | Rockwell Automation FactoryTalk AssetCentre SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability exists in the RunSearch function of the SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. JVN classifies it as SQL injection (CWE-89), with the impact of arbitrary SQL statement execution by an unauthenticated remote attacker; it is one of the FactoryTalk AssetCentre issues covered by the JVN advisory summarized under CVE-2021-27470 above. Rockwell Automation FactoryTalk AssetCentre is an asset management tool used by manufacturers and industrial enterprises to centrally manage controllers and other automation-related assets.
| VAR-202104-1940 | CVE-2021-27464 | Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre (ArchiveService.rem unauthenticated SQL execution) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. JVN classifies it as SQL injection (CWE-89), with the impact of arbitrary SQL statement execution by an unauthenticated remote attacker; it is one of the FactoryTalk AssetCentre issues covered by the JVN advisory summarized under CVE-2021-27470 above. Rockwell Automation FactoryTalk AssetCentre is an asset management tool used by manufacturers and industrial enterprises to centrally manage controllers and other automation-related assets.
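The three SQL entries above (CVE-2021-27472 RunSearch, CVE-2021-27468 AosService.rem, CVE-2021-27464 ArchiveService.rem) describe exposed functions that accept a search string from an unauthenticated caller and run SQL with it. The following is an added example, not Rockwell code: a search function built by string splicing beside its parameterized form, run against a constructed in-memory SQLite table (the table, rows and column names are invented for the demo). The attacker string is the textbook quote-and-comment payload. Parameter binding alone does not stop `%` and `_` from acting as LIKE wildcards, so the safe version escapes them as well.

```python
import sqlite3


# Constructed sample data standing in for an asset table.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE assets (id INTEGER PRIMARY KEY, name TEXT, restricted INTEGER)")
    conn.executemany(
        "INSERT INTO assets (name, restricted) VALUES (?, ?)",
        [("PLC-Line1", 0), ("PLC-Line2", 0), ("HMI-Packaging", 0), ("Backup-Credentials", 1)],
    )
    conn.commit()
    return conn


def run_search_unsafe(conn: sqlite3.Connection, term: str) -> list:
    """Vulnerable (CWE-89): the caller's search term is spliced into the SQL text,
    so a quote plus a comment marker rewrites the WHERE clause."""
    sql = f"SELECT name FROM assets WHERE restricted = 0 AND name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def _escape_like(term: str) -> str:
    # Binding stops SQL injection; escaping the LIKE wildcards stops a caller from
    # turning '%' or '_' into a match-everything pattern.
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def run_search_safe(conn: sqlite3.Connection, term: str) -> list:
    """Hardened: the term travels as a bound parameter, never as SQL text."""
    sql = "SELECT name FROM assets WHERE restricted = 0 AND name LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (f"%{_escape_like(term)}%",))]


INJECTION = "%' OR 1=1 --"   # constructed attacker input


def demo() -> dict:
    conn = make_db()
    return {
        "honest_unsafe": run_search_unsafe(conn, "Line"),
        "honest_safe": run_search_safe(conn, "Line"),
        "attack_unsafe": run_search_unsafe(conn, INJECTION),  # restricted row leaks
        "attack_safe": run_search_safe(conn, INJECTION),      # nothing matches literally
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

With the injected term the spliced query becomes `... AND name LIKE '%%' OR 1=1 --%'`, which drops the `restricted = 0` filter and returns every row; the bound form looks for the literal text and returns nothing.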
| VAR-202104-1920 | CVE-2020-9146 | Huawei smartphones: resource not released after its effective lifetime (memory leak) |
CVSS V2: 1.9 CVSS V3: 5.5 Severity: MEDIUM |
A memory buffer error vulnerability exists in a component interface of Huawei smartphones. A local attacker who constructs a suitable attack scenario can cause a memory leak and a denial of service. JVN describes the issue as a failure to release a resource after its effective lifetime; the possible impact is denial of service (DoS). Huawei EMUI is the Android-based mobile operating system developed by Huawei (China).
| VAR-202104-1919 | CVE-2020-9147 | Huawei smartphones: classic buffer overflow |
CVSS V2: 4.4 CVSS V3: 7.8 Severity: HIGH |
A memory buffer error vulnerability exists in a component interface of Huawei smartphones. A local attacker who constructs a suitable attack scenario can trigger an out-of-bounds read. JVN describes the issue as a classic buffer overflow; the possible impacts are information disclosure, information tampering and denial of service (DoS). Huawei EMUI is the Android-based mobile operating system developed by Huawei (China).
| VAR-202104-1918 | CVE-2020-9148 | Huawei smartphones: application bypass vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An application bypass vulnerability exists in a component interface of Huawei smartphones. A local attacker can exploit it to delete the user's SMS messages. JVN lists the issue as an unspecified vulnerability in Huawei smartphones; the possible impact is information tampering.
| VAR-202104-1917 | CVE-2020-9149 | Huawei smartphones: application verification error |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An application verification error exists in a component interface of Huawei smartphones. A local attacker can exploit it to modify and delete the user's SMS messages. JVN lists the issue as an unspecified vulnerability in Huawei smartphones; the possible impact is information tampering.
| VAR-202104-1628 | CVE-2021-29083 | Synology DiskStation Manager OS command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via the realname parameter. The possible impacts are information disclosure, information tampering and denial of service (DoS). Note that the attacker must already be authenticated to DSM; the CVSS v3 score of 7.2 (lower than the v2 score of 9.0) reflects the privileges required. Synology DiskStation Manager (DSM) is the operating system for network-attached storage (NAS) devices developed by Synology (Taiwan); it manages data, documents, photos, music and other information.
| VAR-202104-1582 | CVE-2021-26581 | HPE Superdome Flex server BMC denial-of-service vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A potential security vulnerability has been identified in the HPE Superdome Flex server. A denial-of-service attack can be exploited remotely, leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this condition; other BMC management functions are not impacted. HPE has released the following software update to resolve the vulnerability in the HPE Superdome Flex server: Superdome Flex Server Firmware 3.30.142 or later.
| VAR-202103-1816 | No CVE | (0Day) D-Link DIR-882 HNAP Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-882 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
| VAR-202103-1352 | CVE-2021-26943 | ASUS UX360CA BIOS SMM arbitrary code execution vulnerability |
CVSS V2: 7.2 CVSS V3: 8.2 Severity: HIGH |
The UX360CA BIOS through 303 on ASUS laptops allows an attacker with ring 0 privilege to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in SMM (issue 3 of 3). The possible impacts are information disclosure, information tampering and denial of service (DoS). Note the precondition: the attacker must already run in ring 0 (kernel mode), so this is an escalation from the operating system kernel into SMM, where code runs outside the OS's and hypervisor's control, rather than a remote issue. The ASUS UX360CA is a notebook computer from ASUS (Taiwan); the affected component is its BIOS, versions through 303.
| VAR-202104-0435 | CVE-2021-22327 | Huawei P30 memory write vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
There is an arbitrary memory write vulnerability in Huawei smartphones when processing file parsing. Due to insufficient validation of the input files, successful exploitation could cause certain services to behave abnormally. Affected product versions: HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11), 10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5), 10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4). The Huawei P30 is a smartphone made by Huawei (China). The vulnerability stems from the program's failure to properly validate input files; an attacker can use it to disrupt program services.
| VAR-202104-0437 | CVE-2021-22330 | Huawei P30 memory write out-of-bounds vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
There is an out-of-bounds write vulnerability in the Huawei smartphone HUAWEI P30 version 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending a specific message to the target device. Due to insufficient validation of the input parameter, successful exploitation can cause the process and the service to become abnormal. The Huawei P30 is a smartphone made by Huawei (China); exploitation may cause a denial of service.
| VAR-202103-1167 | CVE-2021-26810 | D-Link DIR-816 A2 code injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter is used in command-string construction in the handler function of /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. The possible impacts are information disclosure, information tampering and denial of service (DoS). The D-Link DIR-816 A2 is a wireless AC750 dual-band router.
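CVE-2021-29083 above (the realname parameter of SYNO.Core.Network.PPPoE) and this D-Link entry (the statuscheckpppoeuser parameter of /goform/dir_setWanWifi) have the same shape as CVE-2021-27476 in the Rockwell set: a request value is concatenated into a command string that a shell then parses. The following is an added example, not vendor code. It uses `echo` as a stand-in for the configuration tool (an assumption; the real binaries are not public) so the effect of the injected `; echo INJECTED` is visible in the output, and contrasts the shell-string construction with an argv list plus an allow-list on the value.

```python
import re
import subprocess

# Stand-in for the real configuration binary (assumption). `echo` just reflects
# its argument, so what the tool actually received is visible in stdout.
TOOL = "echo"


def set_pppoe_user_unsafe(username: str) -> str:
    """Vulnerable (CWE-78): the request parameter is pasted into a shell command
    line, so ';', '|', '&&' and '$(...)' become additional commands."""
    cmd = f"{TOOL} user={username}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def set_pppoe_user_argv(username: str) -> str:
    """First fix: pass the value as its own argv element. No shell is involved,
    so metacharacters reach the tool as literal bytes."""
    return subprocess.run([TOOL, f"user={username}"],
                          capture_output=True, text=True).stdout


USERNAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def set_pppoe_user_safe(username: str) -> str:
    """Second layer: allow-list the value before it goes anywhere. Even if a later
    code path builds a shell string, the input cannot carry metacharacters."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allow-list")
    return set_pppoe_user_argv(username)


# Constructed payload, shaped like the realname / statuscheckpppoeuser values above.
ATTACK = "alice; echo INJECTED"


def demo() -> dict:
    out = {
        "unsafe": set_pppoe_user_unsafe(ATTACK),   # the second command really ran
        "argv": set_pppoe_user_argv(ATTACK),       # the whole string is one argument
        "safe_honest": set_pppoe_user_safe("alice"),
    }
    try:
        set_pppoe_user_safe(ATTACK)
    except ValueError:
        out["safe_rejected"] = True
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, repr(v))
```

The unsafe path prints `user=alice` and then `INJECTED` on its own line, proving a second command executed; the argv path prints the payload verbatim as a single argument. On embedded firmware the equivalent of the argv path is `execve` with an argument vector rather than `system()` or `popen()` on a formatted string.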
| VAR-202103-1554 | CVE-2021-21409 | Netty HTTP request smuggling vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Netty is an open-source, asynchronous, event-driven network application framework for rapid development of maintainable, high-performance protocol servers and clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a follow-up of GHSA-wm47-8v5p-wjpj/CVE-2021-21295, which missed this one case. This was fixed as part of 4.1.61.Final. The vulnerability results from an incomplete fix for CVE-2021-21295; the possible impact is that information may be tampered with. The Red Hat errata text that follows is reproduced from advisories referencing this CVE.
The purpose of this text-only errata is to inform you about the
security issues fixed in this release.
Installation instructions are available from the Fuse 7.10.0 product
documentation page:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
4. Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1775 - [release-5.2] Syslog output is serializing json incorrectly
LOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing
LOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1]
LOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
6. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7,
and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise
Application Platform 7.3.8 Release Notes for information about the most
significant bug fixes and enhancements included in this release.
Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode
6. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20264 - [GSS](7.3.z) ISPN-12787 - Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation
JBEAP-20503 - [GSS](7.3.z) WFCORE-5185 - Update ProviderDefinition to use optimised service loading API
JBEAP-20623 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001
JBEAP-21179 - Tracker bug for the EAP 7.3.8 release for RHEL-7
JBEAP-21406 - [GSS](7.3.z) Upgrade Ironjacamar from 1.4.30.Final-redhat-00001 to 1.4.33.Final-redhat-00001
JBEAP-21421 - (7.3.z) Upgrade Infinispan from 9.4.22.Final-redhat-00001 to 9.4.23.Final-redhat-00001
JBEAP-21434 - (7.3.z) Upgrade wildfly-http-client from 1.0.26.Final-redhat-00001 to 1.0.28.Final-redhat-00001
JBEAP-21435 - (7.3.z) Upgrade Elytron from 1.10.12.Final-redhat-00001 to 1.10.13.Final-redhat-00001
JBEAP-21437 - (7.3.z) Upgrade netty from 4.1.60.Final to 4.1.63
JBEAP-21441 - (7.3.z) Upgrade Undertow from 2.0.35.SP1-redhat-00001 to 2.0.38.SP1-redhat-00001
JBEAP-21443 - (7.3.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001
JBEAP-21444 - (7.3.z) Upgrade wf-core from 10.1.20.Final-redhat-00001 to 10.1.21.Final-redhat-00001
JBEAP-21567 - [GSS](7.3.z) Upgrade HAL from 3.2.14.Final-redhat-00001 to 3.2.15.Final-redhat-00001
JBEAP-21582 - (7.3.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001
JBEAP-21739 - (7.3.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.6.3.Final-redhat-00001
JBEAP-21977 - [SET](7.3.z) Update product CP branch github template
7. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base
Advisory ID: RHSA-2021:2755-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2755
Issue date: 2021-07-15
CVE Names: CVE-2020-13936 CVE-2020-15522 CVE-2020-28052
CVE-2021-3536 CVE-2021-20220 CVE-2021-20250
CVE-2021-21290 CVE-2021-21295 CVE-2021-21409
====================================================================
1. Summary:
This advisory resolves CVE issues filed against XP2 releases that have been
fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP2
code base.
NOTE: This advisory is informational only. There are no code changes
associated with it. No action is required.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
These are CVE issues filed against XP2 releases that have been fixed in the
underlying EAP 7.3.x base, so no changes to the EAP XP2 code base.
Security Fix(es):
* velocity: arbitrary code execution when attacker is able to modify
templates (CVE-2020-13936)
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility
possible (CVE-2020-28052)
* bouncycastle: Timing issue within the EC math library (CVE-2020-15522)
* undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)
* wildfly: Information disclosure due to publicly accessible privileged
actions in JBoss EJB Client (CVE-2021-20250)
* netty: Information disclosure via the local system temporary directory
(CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due missing validation
(CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* wildfly: XSS via admin console when creating roles in domain mode
(CVE-2021-3536)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
This advisory is informational only. There are no code changes associated
with it. No action is required.
4. Bugs fixed (https://bugzilla.redhat.com/):
1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
1923133 - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687
1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1929479 - CVE-2021-20250 wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode
1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library
5. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22122 - XP 2.0.0 respin (2.0.0-7.3.8.GA)
6. References:
https://access.redhat.com/security/cve/CVE-2020-13936
https://access.redhat.com/security/cve/CVE-2020-15522
https://access.redhat.com/security/cve/CVE-2020-28052
https://access.redhat.com/security/cve/CVE-2021-3536
https://access.redhat.com/security/cve/CVE-2021-20220
https://access.redhat.com/security/cve/CVE-2021-20250
https://access.redhat.com/security/cve/CVE-2021-21290
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/articles/5975301
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ
Artemis. It uses an asynchronous journal for fast message persistence, and
supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to
in the References section.
The References section of this erratum contains a download link (you must
log in to download the update)
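The Netty issue in this record (CVE-2021-21409) is concrete enough to model: a request arrives as a single HEADERS frame with END_STREAM set, it carries a content-length header, no DATA frame ever follows, and the pre-fix translation copied that header into the HTTP/1.1 request it forwarded. The following is an added example, not Netty code; the frame model and the toy HTTP/1.1 parser standing in for the back end are simplifications made for the demo. It shows the desync the back end suffers (the next request on the reused connection is consumed as the body) and the check that makes a translator reject the stream instead: a declared content-length must equal the body bytes actually carried, which RFC 7540 section 8.1.2.6 already requires.

```python
from typing import Dict, List, Tuple


class MalformedRequest(Exception):
    pass


def _request_lines(h: Dict[str, str]) -> List[str]:
    # Pseudo-headers become the request line and Host; the rest are copied.
    lines = [f"{h[':method']} {h[':path']} HTTP/1.1", f"Host: {h[':authority']}"]
    lines += [f"{k}: {v}" for k, v in h.items() if not k.startswith(":")]
    return lines


def translate_unsafe(headers: Dict[str, str], body: bytes = b"") -> bytes:
    """Pre-fix behaviour: copy content-length through untouched, even though a
    HEADERS frame with END_STREAM set means no body bytes will ever follow."""
    return ("\r\n".join(_request_lines(headers)) + "\r\n\r\n").encode() + body


def translate_safe(headers: Dict[str, str], body: bytes = b"") -> bytes:
    """Reject the stream if the declared content-length disagrees with the bytes
    actually carried, then emit a content-length the HTTP/1.1 peer can trust."""
    declared = headers.get("content-length")
    if declared is not None:
        if not declared.isdigit() or int(declared) != len(body):
            raise MalformedRequest(
                f"content-length {declared!r} but {len(body)} body bytes on stream")
    h = {k: v for k, v in headers.items() if k != "content-length"}
    h["content-length"] = str(len(body))
    return ("\r\n".join(_request_lines(h)) + "\r\n\r\n").encode() + body


def parse_http1(stream: bytes) -> List[Tuple[str, bytes]]:
    """Toy HTTP/1.1 parser standing in for the back end: it trusts content-length
    to find where each request's body ends on a reused connection."""
    requests = []
    while stream:
        head, sep, rest = stream.partition(b"\r\n\r\n")
        if not sep:
            break
        lines = head.split(b"\r\n")
        length = 0
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        requests.append((lines[0].decode(), rest[:length]))
        stream = rest[length:]
    return requests


# Constructed traffic: the attacker's request arrives as one HEADERS frame with
# END_STREAM; the victim's request is the next one on the same back-end connection.
VICTIM = b"GET /admin HTTP/1.1\r\nHost: backend\r\n\r\n"
ATTACK = {":method": "POST", ":path": "/api", ":authority": "backend",
          "content-length": str(len(VICTIM))}
HONEST = {":method": "POST", ":path": "/api", ":authority": "backend",
          "content-length": "5"}


def demo() -> dict:
    out = {}
    # Unsafe translation: the back end swallows the victim's request as the body.
    out["backend_sees"] = parse_http1(translate_unsafe(ATTACK) + VICTIM)
    try:
        translate_safe(ATTACK)
    except MalformedRequest:
        out["safe_rejected"] = True
    # A genuine POST whose DATA frames carried 5 bytes passes unchanged.
    out["honest"] = parse_http1(translate_safe(HONEST, b"hello") + VICTIM)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

With the unsafe translation the back end reports one request whose body is the victim's entire `GET /admin`; the victim's request never executes as a request. The safe translator refuses the stream, and a normal two-frame POST still reaches the back end with its body intact.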
| VAR-202104-0203 | CVE-2020-29610 | Apple macOS AudioToolboxCore MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, and tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioToolboxCore module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Apple macOS is the operating system developed by Apple for Mac computers.
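The AudioToolboxCore issue above is the classic parser defect: a length read from the file is trusted when slicing the buffer that holds the file. The following is an added example, not Apple code. It is a minimal ISO BMFF (MP4) box walker over constructed inputs, with a "heap" simulated as the file bytes followed by an unrelated secret so the over-read shows up as leaked neighbouring data (in native code the same read runs past the allocation). The hardened walker rejects any box whose declared size does not fit in the bytes present, including the 64-bit largesize and size-0 (to end of file) forms.

```python
import struct
from typing import List, Tuple


class BoxError(ValueError):
    pass


def box(btype: bytes, payload: bytes) -> bytes:
    """Builds one ISO BMFF box: 32-bit big-endian size (header included), 4-byte type, payload."""
    return struct.pack(">I", 8 + len(payload)) + btype + payload


def walk_boxes(buf: bytes) -> List[Tuple[str, int, int]]:
    """Returns (type, offset, size) for each top-level box, refusing any box whose
    declared size does not fit inside the bytes actually present."""
    boxes, pos, end = [], 0, len(buf)
    while pos < end:
        if end - pos < 8:
            raise BoxError(f"truncated box header at offset {pos}")
        size, = struct.unpack_from(">I", buf, pos)
        btype = buf[pos + 4:pos + 8].decode("latin-1")
        header = 8
        if size == 1:                       # 64-bit largesize follows the type
            if end - pos < 16:
                raise BoxError(f"truncated largesize at offset {pos}")
            size, = struct.unpack_from(">Q", buf, pos + 8)
            header = 16
        elif size == 0:                     # box runs to end of file
            size = end - pos
        if size < header:
            raise BoxError(f"{btype} at {pos}: size {size} smaller than its header")
        if size > end - pos:
            raise BoxError(f"{btype} at {pos}: declares {size} bytes, only {end - pos} remain")
        boxes.append((btype, pos, size))
        pos += size
    return boxes


def ftyp_payload_unsafe(heap: bytes, file_offset: int) -> bytes:
    """Vulnerable pattern: trusts the size field and reads that many bytes from the
    buffer the file was loaded into. In C this is the out-of-bounds read; here the
    'heap' is a bytes object, so the over-read shows up as neighbouring data."""
    size, = struct.unpack_from(">I", heap, file_offset)
    return heap[file_offset + 8:file_offset + size]


def ftyp_payload_safe(heap: bytes, file_offset: int, file_len: int) -> bytes:
    """Hardened: validate every box against the file's real length before slicing."""
    file = heap[file_offset:file_offset + file_len]
    for btype, off, size in walk_boxes(file):
        if btype == "ftyp":
            return file[off + 8:off + size]
    raise BoxError("no ftyp box")


# Constructed inputs. GOOD is a well-formed header; BAD declares a 200-byte ftyp
# box while only 12 bytes exist. SECRET stands for whatever allocation happens to
# sit after the file in memory.
GOOD = box(b"ftyp", b"isom" + struct.pack(">I", 512) + b"isom") + box(b"free", b"")
BAD = struct.pack(">I", 200) + b"ftyp" + b"isom"
SECRET = b"<adjacent allocation: session token>"


def demo() -> dict:
    heap = BAD + SECRET
    out = {"good_boxes": walk_boxes(GOOD),
           "unsafe_leaks_secret": SECRET in ftyp_payload_unsafe(heap, 0)}
    try:
        ftyp_payload_safe(heap, 0, len(BAD))
    except BoxError as e:
        out["safe_rejected"] = str(e)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The unsafe reader returns the bytes that follow the file, which is exactly the "disclose restricted memory" outcome in the advisory; the hardened walker stops at the first box whose size field exceeds the remaining input. The same check belongs at every nested level (moov, trak, stsd and the codec-specific boxes inside them), with the child walk bounded by the parent's validated size rather than by the file length.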