RHSA-2023:0552
Vulnerability Summary
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
CVSS Metrics
- v3.1 • CRITICAL • Score: 9.8 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- redhat•eap7-apache-sshd
< 0:2.9.2-1.redhat_00001.1.el7eap
- redhat•eap7-elytron-web
< 0:1.9.3-1.Final_redhat_00001.1.el7eap
- redhat•eap7-hal-console
< 0:3.3.16-1.Final_redhat_00001.1.el7eap
- redhat•eap7-hibernate-search
< 0:5.10.13-3.Final_redhat_00001.1.el7eap
- redhat•eap7-hibernate-search-backend-jgroups
< 0:5.10.13-3.Final_redhat_00001.1.el7eap
- redhat•eap7-hibernate-search-backend-jms
< 0:5.10.13-3.Final_redhat_00001.1.el7eap
- redhat•eap7-hibernate-search-engine
< 0:5.10.13-3.Final_redhat_00001.1.el7eap
- redhat•eap7-hibernate-search-orm
< 0:5.10.13-3.Final_redhat_00001.1.el7eap
- redhat•eap7-hibernate-search-serialization-avro
< 0:5.10.13-3.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-common-api
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-common-impl
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-common-spi
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-core-api
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-core-impl
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-deployers-common
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-jdbc
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-validator
< 0:1.5.10-1.Final_redhat_00001.1.el7eap
- redhat•eap7-jackson-annotations
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-core
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-databind
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-datatype-jdk8
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-datatype-jsr310
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-jaxrs-base
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-jaxrs-json-provider
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-jaxrs-providers
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-module-jaxb-annotations
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-modules-base
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-jackson-modules-java8
< 0:2.12.7-1.redhat_00003.1.el7eap
- redhat•eap7-javaee-security-soteria
< 0:1.0.1-3.redhat_00003.1.el7eap
- redhat•eap7-javaee-security-soteria-enterprise
< 0:1.0.1-3.redhat_00003.1.el7eap
- redhat•eap7-jboss-ejb-client
< 0:4.0.49-1.Final_redhat_00001.1.el7eap
- redhat•eap7-jboss-jsf-api_2.3_spec
< 0:3.0.0-6.SP07_redhat_00001.1.el7eap
- redhat•eap7-jboss-jsp-api_2.3_spec
< 0:2.0.0-3.Final_redhat_00001.1.el7eap
- redhat•eap7-jboss-remoting
< 0:5.0.27-1.Final_redhat_00001.1.el7eap
- redhat•eap7-jboss-server-migration
< 0:1.10.0-24.Final_redhat_00023.1.el7eap
- redhat•eap7-jboss-server-migration-cli
< 0:1.10.0-24.Final_redhat_00023.1.el7eap
- redhat•eap7-jboss-server-migration-core
< 0:1.10.0-24.Final_redhat_00023.1.el7eap
- redhat•eap7-jettison
< 0:1.5.2-1.redhat_00002.1.el7eap
- redhat•eap7-undertow
< 0:2.2.22-1.SP3_redhat_00001.1.el7eap
- redhat•eap7-undertow-server
< 0:1.9.3-1.Final_redhat_00001.1.el7eap
- redhat•eap7-wildfly
< 0:7.4.9-4.GA_redhat_00003.1.el7eap
- redhat•eap7-wildfly-elytron
< 0:1.15.16-1.Final_redhat_00001.1.el7eap
- redhat•eap7-wildfly-elytron-tool
< 0:1.15.16-1.Final_redhat_00001.1.el7eap
- redhat•eap7-wildfly-java-jdk11
< 0:7.4.9-4.GA_redhat_00003.1.el7eap
- redhat•eap7-wildfly-java-jdk8
< 0:7.4.9-4.GA_redhat_00003.1.el7eap
- redhat•eap7-wildfly-javadocs
< 0:7.4.9-4.GA_redhat_00003.1.el7eap
- redhat•eap7-wildfly-modules
< 0:7.4.9-4.GA_redhat_00003.1.el7eap
- redhat•eap7-woodstox-core
< 0:6.4.0-1.redhat_00001.1.el7eap
References (109)
- https://access.redhat.com/errata/RHSA-2023:0552
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- https://bugzilla.redhat.com/show_bug.cgi?id=1399546
- https://bugzilla.redhat.com/show_bug.cgi?id=1553413
- https://bugzilla.redhat.com/show_bug.cgi?id=1601614
- https://bugzilla.redhat.com/show_bug.cgi?id=1601616
- https://bugzilla.redhat.com/show_bug.cgi?id=1601617
- https://bugzilla.redhat.com/show_bug.cgi?id=1668097
- https://bugzilla.redhat.com/show_bug.cgi?id=1686454
- https://bugzilla.redhat.com/show_bug.cgi?id=1701972
- https://bugzilla.redhat.com/show_bug.cgi?id=1828406
- https://bugzilla.redhat.com/show_bug.cgi?id=1850004
- https://bugzilla.redhat.com/show_bug.cgi?id=2124682
- https://bugzilla.redhat.com/show_bug.cgi?id=2134291
- https://bugzilla.redhat.com/show_bug.cgi?id=2135244
- https://bugzilla.redhat.com/show_bug.cgi?id=2135247
- https://bugzilla.redhat.com/show_bug.cgi?id=2135770
- https://bugzilla.redhat.com/show_bug.cgi?id=2135771
- https://bugzilla.redhat.com/show_bug.cgi?id=2145194
- https://bugzilla.redhat.com/show_bug.cgi?id=2155682
- https://bugzilla.redhat.com/show_bug.cgi?id=2155970
- https://issues.redhat.com/browse/JBEAP-23864
- https://issues.redhat.com/browse/JBEAP-23865
- https://issues.redhat.com/browse/JBEAP-23866
- https://issues.redhat.com/browse/JBEAP-23926
- https://issues.redhat.com/browse/JBEAP-24055
- https://issues.redhat.com/browse/JBEAP-24081
- https://issues.redhat.com/browse/JBEAP-24095
- https://issues.redhat.com/browse/JBEAP-24100
- https://issues.redhat.com/browse/JBEAP-24127
- https://issues.redhat.com/browse/JBEAP-24128
- https://issues.redhat.com/browse/JBEAP-24132
- https://issues.redhat.com/browse/JBEAP-24147
- https://issues.redhat.com/browse/JBEAP-24167
- https://issues.redhat.com/browse/JBEAP-24191
- https://issues.redhat.com/browse/JBEAP-24195
- https://issues.redhat.com/browse/JBEAP-24207
- https://issues.redhat.com/browse/JBEAP-24248
- https://issues.redhat.com/browse/JBEAP-24426
- https://issues.redhat.com/browse/JBEAP-24427
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0552.json
- https://access.redhat.com/security/cve/CVE-2015-9251
- https://www.cve.org/CVERecord?id=CVE-2015-9251
- https://nvd.nist.gov/vuln/detail/CVE-2015-9251
- https://access.redhat.com/security/cve/CVE-2016-10735
- https://www.cve.org/CVERecord?id=CVE-2016-10735
- https://nvd.nist.gov/vuln/detail/CVE-2016-10735
- https://access.redhat.com/security/cve/CVE-2017-18214
- https://www.cve.org/CVERecord?id=CVE-2017-18214
- https://nvd.nist.gov/vuln/detail/CVE-2017-18214
- https://access.redhat.com/security/cve/CVE-2018-14040
- https://www.cve.org/CVERecord?id=CVE-2018-14040
- https://nvd.nist.gov/vuln/detail/CVE-2018-14040
- https://access.redhat.com/security/cve/CVE-2018-14041
- https://www.cve.org/CVERecord?id=CVE-2018-14041
- https://nvd.nist.gov/vuln/detail/CVE-2018-14041
- https://access.redhat.com/security/cve/CVE-2018-14042
- https://www.cve.org/CVERecord?id=CVE-2018-14042
- https://nvd.nist.gov/vuln/detail/CVE-2018-14042
- https://access.redhat.com/security/cve/CVE-2019-8331
- https://www.cve.org/CVERecord?id=CVE-2019-8331
- https://nvd.nist.gov/vuln/detail/CVE-2019-8331
- https://access.redhat.com/security/cve/CVE-2019-11358
- https://www.cve.org/CVERecord?id=CVE-2019-11358
- https://nvd.nist.gov/vuln/detail/CVE-2019-11358
- https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
- https://www.drupal.org/sa-core-2019-006
- https://access.redhat.com/security/cve/CVE-2020-11022
- https://www.cve.org/CVERecord?id=CVE-2020-11022
- https://nvd.nist.gov/vuln/detail/CVE-2020-11022
- https://github.com/advisories/GHSA-gxr4-xjj5-5px2
- https://access.redhat.com/security/cve/CVE-2020-11023
- https://www.cve.org/CVERecord?id=CVE-2020-11023
- https://nvd.nist.gov/vuln/detail/CVE-2020-11023
- https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://access.redhat.com/security/cve/CVE-2022-3143
- https://www.cve.org/CVERecord?id=CVE-2022-3143
- https://nvd.nist.gov/vuln/detail/CVE-2022-3143
- https://access.redhat.com/security/cve/CVE-2022-40149
- https://www.cve.org/CVERecord?id=CVE-2022-40149
- https://nvd.nist.gov/vuln/detail/CVE-2022-40149
- https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1
- https://access.redhat.com/security/cve/CVE-2022-40150
- https://www.cve.org/CVERecord?id=CVE-2022-40150
- https://nvd.nist.gov/vuln/detail/CVE-2022-40150
- https://access.redhat.com/security/cve/CVE-2022-40152
- https://www.cve.org/CVERecord?id=CVE-2022-40152
- https://nvd.nist.gov/vuln/detail/CVE-2022-40152
- https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
- https://access.redhat.com/security/cve/CVE-2022-42003
- https://www.cve.org/CVERecord?id=CVE-2022-42003
- https://nvd.nist.gov/vuln/detail/CVE-2022-42003
- https://access.redhat.com/security/cve/CVE-2022-42004
- https://www.cve.org/CVERecord?id=CVE-2022-42004
- https://nvd.nist.gov/vuln/detail/CVE-2022-42004
- https://access.redhat.com/security/cve/CVE-2022-45047
- https://www.cve.org/CVERecord?id=CVE-2022-45047
- https://nvd.nist.gov/vuln/detail/CVE-2022-45047
- https://www.mail-archive.com/dev@mina.apache.org/msg39312.html
- https://access.redhat.com/security/cve/CVE-2022-45693
- https://www.cve.org/CVERecord?id=CVE-2022-45693
- https://nvd.nist.gov/vuln/detail/CVE-2022-45693
- https://access.redhat.com/security/cve/CVE-2022-46364
- https://www.cve.org/CVERecord?id=CVE-2022-46364
- https://nvd.nist.gov/vuln/detail/CVE-2022-46364
- https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2