VARIoT IoT vulnerabilities database

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name. COVIDSafe There is an information leakage vulnerability in.Information may be obtained

Zhejiang Dahua Technology Co., Ltd. is a video-centric intelligent IoT solution provider and operation service provider. Dahua DH-SD series cameras have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.

Zhejiang Dahua Technology Co., Ltd. is a video-centric intelligent IoT solution provider and operation service provider. An unauthorized access vulnerability exists in the Dahua PTZ camera, which can be used by attackers to obtain sensitive information.

GX Works2 is the PLC programming software of Mitsubishi Electric of Japan. GX Works2 has a DLL hijacking vulnerability. An attacker can construct a malicious application and place it in a specific path, allowing the application to load and execute the malicious DLL.

An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. Mikrotik-Router-Monitoring-System To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Mikrotik-Router-Monitoring-System is a set of SNMP-based Mikrotik router monitoring system developed by adeoluwa-adebiyi software developer. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands

Zyxel NBG-418N is a broadband router. Zyxel NBG-418N v2 Modem has a cross-site request forgery vulnerability that an attacker can use to execute arbitrary script code in the context of the affected site, steal cookie-based authentication credentials or perform unauthorized operations.

An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. D-Link DAP-1360 The device contains a vulnerability related to lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DAP-136 is a wireless network signal extender from D-Link, Taiwan. There is a security vulnerability in D-Link DAP-1360 (all Fx hardware versions) using firmware v6.13EUb01 and earlier

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). eQ-3 Homematic Central Control Unit (CCU)2 and CCU3 There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are central control units of a smart home system from German eQ-3 company. eQ-3 Homematic CCU2 2.51.6 and earlier versions and CCU3 3.51.6 and earlier versions have security vulnerabilities

WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. WebAccess Node Is Advantech Industrial software provided by. The issue results from incorrect permissions set on a resource used by the service. Authentication is not required to exploit this vulnerability.The specific flaw exists within DATACORE.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess browser-based HMI and SCADA software. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. Apache Flink There is an injection vulnerability in.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.8.0 release and security update Advisory ID: RHSA-2020:5568-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:5568 Issue date: 2020-12-16 CVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210 CVE-2019-2692 CVE-2019-3773 CVE-2019-3774 CVE-2019-10202 CVE-2019-10219 CVE-2019-11777 CVE-2019-12406 CVE-2019-12423 CVE-2019-13990 CVE-2019-14900 CVE-2019-17566 CVE-2019-17638 CVE-2019-19343 CVE-2020-1714 CVE-2020-1719 CVE-2020-1950 CVE-2020-1960 CVE-2020-5398 CVE-2020-7226 CVE-2020-9488 CVE-2020-9489 CVE-2020-10683 CVE-2020-10740 CVE-2020-11612 CVE-2020-11971 CVE-2020-11972 CVE-2020-11973 CVE-2020-11980 CVE-2020-11989 CVE-2020-11994 CVE-2020-13692 CVE-2020-13933 CVE-2020-14326 ==================================================================== 1. Summary: A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * libquartz: XXE attacks via job description (CVE-2019-13990) * jetty: double release of resource can lead to information disclosure (CVE-2019-17638) * keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714) * springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution (CVE-2020-11972) * camel: Netty enables Java deserialization by default which could leed to remote code execution (CVE-2020-11973) * shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989) * camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994) * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) * shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933) * RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326) * jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873) * thrift: Endless loop when feed with specific input data (CVE-2019-0205) * thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692) * spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773) * spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3774) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219) * org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777) * cxf: does not restrict the number of message attachments (CVE-2019-12406) * cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343) * Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719) * apache-flink: JMX information disclosure vulnerability (CVE-2020-1960) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971) * karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980) * tika: excessive memory usage in PSDParser (CVE-2020-1950) * log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability 1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution 1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution 1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers 1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass 1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS 1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure 1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass 1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library 5. References: https://access.redhat.com/security/cve/CVE-2018-1000873 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-2692 https://access.redhat.com/security/cve/CVE-2019-3773 https://access.redhat.com/security/cve/CVE-2019-3774 https://access.redhat.com/security/cve/CVE-2019-10202 https://access.redhat.com/security/cve/CVE-2019-10219 https://access.redhat.com/security/cve/CVE-2019-11777 https://access.redhat.com/security/cve/CVE-2019-12406 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2019-17566 https://access.redhat.com/security/cve/CVE-2019-17638 https://access.redhat.com/security/cve/CVE-2019-19343 https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1950 https://access.redhat.com/security/cve/CVE-2020-1960 https://access.redhat.com/security/cve/CVE-2020-5398 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9489 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11971 https://access.redhat.com/security/cve/CVE-2020-11972 https://access.redhat.com/security/cve/CVE-2020-11973 https://access.redhat.com/security/cve/CVE-2020-11980 https://access.redhat.com/security/cve/CVE-2020-11989 https://access.redhat.com/security/cve/CVE-2020-11994 https://access.redhat.com/security/cve/CVE-2020-13692 https://access.redhat.com/security/cve/CVE-2020-13933 https://access.redhat.com/security/cve/CVE-2020-14326 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.8.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X kJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X YJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd 7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg z66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y AwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN 0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH ZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT RH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh PgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0 Mtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA f8t2frnd7kM=jGVK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. Apache Camel There is an input verification vulnerability in.Information may be obtained. Apache Camel is an open source integration framework based on the Enterprise Integration Pattern (EIP) of the Apache Software Foundation. The framework provides the implementation of Java objects (POJO) of the enterprise integration pattern, and configures the rules of routing and mediation through application programming interfaces. An attacker could exploit this vulnerability to obtain sensitive information through a specially crafted request. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.8.0 release and security update Advisory ID: RHSA-2020:5568-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:5568 Issue date: 2020-12-16 CVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210 CVE-2019-2692 CVE-2019-3773 CVE-2019-3774 CVE-2019-10202 CVE-2019-10219 CVE-2019-11777 CVE-2019-12406 CVE-2019-12423 CVE-2019-13990 CVE-2019-14900 CVE-2019-17566 CVE-2019-17638 CVE-2019-19343 CVE-2020-1714 CVE-2020-1719 CVE-2020-1950 CVE-2020-1960 CVE-2020-5398 CVE-2020-7226 CVE-2020-9488 CVE-2020-9489 CVE-2020-10683 CVE-2020-10740 CVE-2020-11612 CVE-2020-11971 CVE-2020-11972 CVE-2020-11973 CVE-2020-11980 CVE-2020-11989 CVE-2020-11994 CVE-2020-13692 CVE-2020-13933 CVE-2020-14326 ==================================================================== 1. Summary: A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * libquartz: XXE attacks via job description (CVE-2019-13990) * jetty: double release of resource can lead to information disclosure (CVE-2019-17638) * keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714) * springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution (CVE-2020-11972) * camel: Netty enables Java deserialization by default which could leed to remote code execution (CVE-2020-11973) * shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989) * camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994) * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) * shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933) * RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326) * jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873) * thrift: Endless loop when feed with specific input data (CVE-2019-0205) * thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692) * spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773) * spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3774) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219) * org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777) * cxf: does not restrict the number of message attachments (CVE-2019-12406) * cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343) * Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719) * apache-flink: JMX information disclosure vulnerability (CVE-2020-1960) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971) * karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980) * tika: excessive memory usage in PSDParser (CVE-2020-1950) * log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability 1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution 1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution 1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers 1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass 1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS 1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure 1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass 1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library 5. References: https://access.redhat.com/security/cve/CVE-2018-1000873 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-2692 https://access.redhat.com/security/cve/CVE-2019-3773 https://access.redhat.com/security/cve/CVE-2019-3774 https://access.redhat.com/security/cve/CVE-2019-10202 https://access.redhat.com/security/cve/CVE-2019-10219 https://access.redhat.com/security/cve/CVE-2019-11777 https://access.redhat.com/security/cve/CVE-2019-12406 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2019-17566 https://access.redhat.com/security/cve/CVE-2019-17638 https://access.redhat.com/security/cve/CVE-2019-19343 https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1950 https://access.redhat.com/security/cve/CVE-2020-1960 https://access.redhat.com/security/cve/CVE-2020-5398 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9489 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11971 https://access.redhat.com/security/cve/CVE-2020-11972 https://access.redhat.com/security/cve/CVE-2020-11973 https://access.redhat.com/security/cve/CVE-2020-11980 https://access.redhat.com/security/cve/CVE-2020-11989 https://access.redhat.com/security/cve/CVE-2020-11994 https://access.redhat.com/security/cve/CVE-2020-13692 https://access.redhat.com/security/cve/CVE-2020-13933 https://access.redhat.com/security/cve/CVE-2020-14326 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.8.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X kJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X YJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd 7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg z66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y AwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN 0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH ZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT RH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh PgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0 Mtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA f8t2frnd7kM=jGVK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Camel A template component contains an injection vulnerability.Information may be obtained. Apache Camel is an open source integration framework based on the Enterprise Integration Pattern (EIP) of the Apache Software Foundation. The framework provides the implementation of Java objects (POJO) of the enterprise integration pattern, and configures the rules of routing and mediation through application programming interfaces. Netty is one of the socket communication components. An attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.8.0 release and security update Advisory ID: RHSA-2020:5568-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:5568 Issue date: 2020-12-16 CVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210 CVE-2019-2692 CVE-2019-3773 CVE-2019-3774 CVE-2019-10202 CVE-2019-10219 CVE-2019-11777 CVE-2019-12406 CVE-2019-12423 CVE-2019-13990 CVE-2019-14900 CVE-2019-17566 CVE-2019-17638 CVE-2019-19343 CVE-2020-1714 CVE-2020-1719 CVE-2020-1950 CVE-2020-1960 CVE-2020-5398 CVE-2020-7226 CVE-2020-9488 CVE-2020-9489 CVE-2020-10683 CVE-2020-10740 CVE-2020-11612 CVE-2020-11971 CVE-2020-11972 CVE-2020-11973 CVE-2020-11980 CVE-2020-11989 CVE-2020-11994 CVE-2020-13692 CVE-2020-13933 CVE-2020-14326 ==================================================================== 1. Summary: A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * libquartz: XXE attacks via job description (CVE-2019-13990) * jetty: double release of resource can lead to information disclosure (CVE-2019-17638) * keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714) * springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution (CVE-2020-11972) * camel: Netty enables Java deserialization by default which could leed to remote code execution (CVE-2020-11973) * shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989) * camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994) * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) * shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933) * RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326) * jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873) * thrift: Endless loop when feed with specific input data (CVE-2019-0205) * thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692) * spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773) * spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3774) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219) * org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777) * cxf: does not restrict the number of message attachments (CVE-2019-12406) * cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343) * Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719) * apache-flink: JMX information disclosure vulnerability (CVE-2020-1960) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971) * karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980) * tika: excessive memory usage in PSDParser (CVE-2020-1950) * log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability 1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution 1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution 1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers 1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass 1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS 1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure 1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass 1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library 5. References: https://access.redhat.com/security/cve/CVE-2018-1000873 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-2692 https://access.redhat.com/security/cve/CVE-2019-3773 https://access.redhat.com/security/cve/CVE-2019-3774 https://access.redhat.com/security/cve/CVE-2019-10202 https://access.redhat.com/security/cve/CVE-2019-10219 https://access.redhat.com/security/cve/CVE-2019-11777 https://access.redhat.com/security/cve/CVE-2019-12406 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2019-17566 https://access.redhat.com/security/cve/CVE-2019-17638 https://access.redhat.com/security/cve/CVE-2019-19343 https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1950 https://access.redhat.com/security/cve/CVE-2020-1960 https://access.redhat.com/security/cve/CVE-2020-5398 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9489 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11971 https://access.redhat.com/security/cve/CVE-2020-11972 https://access.redhat.com/security/cve/CVE-2020-11973 https://access.redhat.com/security/cve/CVE-2020-11980 https://access.redhat.com/security/cve/CVE-2020-11989 https://access.redhat.com/security/cve/CVE-2020-11994 https://access.redhat.com/security/cve/CVE-2020-13692 https://access.redhat.com/security/cve/CVE-2020-13933 https://access.redhat.com/security/cve/CVE-2020-14326 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.8.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X kJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X YJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd 7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg z66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y AwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN 0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH ZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT RH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh PgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0 Mtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA f8t2frnd7kM=jGVK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Apache Camel is an open source integration framework based on the Enterprise Integration Pattern (EIP) of the Apache Software Foundation. The framework provides the implementation of Java objects (POJO) of the enterprise integration pattern, and configures the rules of routing and mediation through application programming interfaces. RabbitMQ is one of the message broker components. An attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.8.0 release and security update Advisory ID: RHSA-2020:5568-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:5568 Issue date: 2020-12-16 CVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210 CVE-2019-2692 CVE-2019-3773 CVE-2019-3774 CVE-2019-10202 CVE-2019-10219 CVE-2019-11777 CVE-2019-12406 CVE-2019-12423 CVE-2019-13990 CVE-2019-14900 CVE-2019-17566 CVE-2019-17638 CVE-2019-19343 CVE-2020-1714 CVE-2020-1719 CVE-2020-1950 CVE-2020-1960 CVE-2020-5398 CVE-2020-7226 CVE-2020-9488 CVE-2020-9489 CVE-2020-10683 CVE-2020-10740 CVE-2020-11612 CVE-2020-11971 CVE-2020-11972 CVE-2020-11973 CVE-2020-11980 CVE-2020-11989 CVE-2020-11994 CVE-2020-13692 CVE-2020-13933 CVE-2020-14326 ==================================================================== 1. Summary: A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * libquartz: XXE attacks via job description (CVE-2019-13990) * jetty: double release of resource can lead to information disclosure (CVE-2019-17638) * keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714) * springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution (CVE-2020-11972) * camel: Netty enables Java deserialization by default which could leed to remote code execution (CVE-2020-11973) * shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989) * camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994) * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) * shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933) * RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326) * jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873) * thrift: Endless loop when feed with specific input data (CVE-2019-0205) * thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692) * spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773) * spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3774) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219) * org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777) * cxf: does not restrict the number of message attachments (CVE-2019-12406) * cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343) * Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719) * apache-flink: JMX information disclosure vulnerability (CVE-2020-1960) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971) * karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980) * tika: excessive memory usage in PSDParser (CVE-2020-1950) * log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability 1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution 1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution 1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers 1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass 1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS 1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure 1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass 1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library 5. References: https://access.redhat.com/security/cve/CVE-2018-1000873 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-2692 https://access.redhat.com/security/cve/CVE-2019-3773 https://access.redhat.com/security/cve/CVE-2019-3774 https://access.redhat.com/security/cve/CVE-2019-10202 https://access.redhat.com/security/cve/CVE-2019-10219 https://access.redhat.com/security/cve/CVE-2019-11777 https://access.redhat.com/security/cve/CVE-2019-12406 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2019-17566 https://access.redhat.com/security/cve/CVE-2019-17638 https://access.redhat.com/security/cve/CVE-2019-19343 https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1950 https://access.redhat.com/security/cve/CVE-2020-1960 https://access.redhat.com/security/cve/CVE-2020-5398 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9489 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11971 https://access.redhat.com/security/cve/CVE-2020-11972 https://access.redhat.com/security/cve/CVE-2020-11973 https://access.redhat.com/security/cve/CVE-2020-11980 https://access.redhat.com/security/cve/CVE-2020-11989 https://access.redhat.com/security/cve/CVE-2020-11994 https://access.redhat.com/security/cve/CVE-2020-13692 https://access.redhat.com/security/cve/CVE-2020-13933 https://access.redhat.com/security/cve/CVE-2020-14326 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.8.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X kJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X YJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd 7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg z66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y AwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN 0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH ZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT RH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh PgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0 Mtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA f8t2frnd7kM=jGVK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

ForceControl general monitoring configuration software ForceControl is a general-purpose human-machine visual monitoring configuration software. Force Control FCControl has a denial of service vulnerability, which can be exploited by an attacker to cause the server to deny service.

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files. Opto 22 SoftPAC Project Exists in a digital signature validation vulnerability.Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. Opto 22 SoftPAC Project Exists in a vulnerability related to lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. The vulnerability stems from the fact that no credentials are required when communicating with SoftPAC

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. Opto 22 SoftPAC Project Exists in a vulnerability related to lack of authentication.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things. Opto 22 SoftPAC Project 9.6 and previous versions have an access control error vulnerability that originated from SoftPACAgent communicating with SoftPACMonitor through the 22000 network port, but the program does not place any restrictions on this open port

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. Opto 22 SoftPAC Project There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things

Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. Opto 22 SoftPAC Project Exists in a digital signature validation vulnerability.Information may be tampered with. The product can provide functions such as industrial automation, process control, building automation, remote monitoring, data acquisition, and industrial Internet of Things

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. Emerson Provides Emerson WirelessHART Gateway Contains improper access control vulnerabilities. Emerson WirelessHART Gateway Is Emerson It is an industrial wireless gateway device provided by