RHSA-2023:1514
Vulnerability Summary
Timeline
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 security update
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- redhat•eap7-activemq-artemis-native
< 1:1.0.2-3.redhat_00004.1.el9eap
- redhat•eap7-apache-mime4j
< 0:0.8.9-1.redhat_00001.1.el9eap
- redhat•eap7-artemis-native
< 1:1.0.2-4.redhat_00004.1.el9eap
- redhat•eap7-artemis-native-wildfly
< 1:1.0.2-4.redhat_00004.1.el9eap
- redhat•eap7-artemis-wildfly-integration
< 0:1.0.7-1.redhat_00001.1.el9eap
- redhat•eap7-infinispan
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-cachestore-jdbc
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-cachestore-remote
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-client-hotrod
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-commons
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-component-annotations
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-core
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-hibernate-cache-commons
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-hibernate-cache-spi
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-infinispan-hibernate-cache-v53
< 0:11.0.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-api
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-impl
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-spi
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-core-api
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-core-impl
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-deployers-common
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-jdbc
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-validator
< 0:1.5.11-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-ejb-client
< 0:4.0.50-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-el-api_3.0_spec
< 0:2.0.1-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-metadata
< 0:13.4.0-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-metadata-appclient
< 0:13.4.0-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-metadata-common
< 0:13.4.0-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-metadata-ear
< 0:13.4.0-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-metadata-ejb
< 0:13.4.0-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-metadata-web
< 0:13.4.0-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-server-migration
< 0:1.10.0-26.Final_redhat_00025.1.el9eap
- redhat•eap7-jboss-server-migration-cli
< 0:1.10.0-26.Final_redhat_00025.1.el9eap
- redhat•eap7-jboss-server-migration-core
< 0:1.10.0-26.Final_redhat_00025.1.el9eap
- redhat•eap7-jbossws-cxf
< 0:5.4.8-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jbossws-spi
< 0:3.4.0-2.Final_redhat_00001.1.el9eap
- redhat•eap7-netty
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-buffer
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-dns
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-haproxy
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-http
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-http2
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-memcache
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-mqtt
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-redis
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-smtp
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-socks
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-stomp
< 0:4.1.86-1.Final_redhat_00001.1.el9eap
Showing first 50 affected entries in server-rendered view.
References (68)
- https://access.redhat.com/errata/RHSA-2023:1514
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- https://bugzilla.redhat.com/show_bug.cgi?id=2129710
- https://bugzilla.redhat.com/show_bug.cgi?id=2136141
- https://bugzilla.redhat.com/show_bug.cgi?id=2150009
- https://bugzilla.redhat.com/show_bug.cgi?id=2151988
- https://bugzilla.redhat.com/show_bug.cgi?id=2153260
- https://bugzilla.redhat.com/show_bug.cgi?id=2153379
- https://bugzilla.redhat.com/show_bug.cgi?id=2158916
- https://bugzilla.redhat.com/show_bug.cgi?id=2166004
- https://bugzilla.redhat.com/show_bug.cgi?id=2174246
- https://issues.redhat.com/browse/JBEAP-23572
- https://issues.redhat.com/browse/JBEAP-24122
- https://issues.redhat.com/browse/JBEAP-24172
- https://issues.redhat.com/browse/JBEAP-24182
- https://issues.redhat.com/browse/JBEAP-24220
- https://issues.redhat.com/browse/JBEAP-24254
- https://issues.redhat.com/browse/JBEAP-24292
- https://issues.redhat.com/browse/JBEAP-24339
- https://issues.redhat.com/browse/JBEAP-24341
- https://issues.redhat.com/browse/JBEAP-24363
- https://issues.redhat.com/browse/JBEAP-24372
- https://issues.redhat.com/browse/JBEAP-24380
- https://issues.redhat.com/browse/JBEAP-24383
- https://issues.redhat.com/browse/JBEAP-24384
- https://issues.redhat.com/browse/JBEAP-24385
- https://issues.redhat.com/browse/JBEAP-24395
- https://issues.redhat.com/browse/JBEAP-24507
- https://issues.redhat.com/browse/JBEAP-24574
- https://issues.redhat.com/browse/JBEAP-24588
- https://issues.redhat.com/browse/JBEAP-24605
- https://issues.redhat.com/browse/JBEAP-24618
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1514.json
- https://access.redhat.com/security/cve/CVE-2022-1471
- https://www.cve.org/CVERecord?id=CVE-2022-1471
- https://nvd.nist.gov/vuln/detail/CVE-2022-1471
- https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
- https://access.redhat.com/security/cve/CVE-2022-4492
- https://www.cve.org/CVERecord?id=CVE-2022-4492
- https://nvd.nist.gov/vuln/detail/CVE-2022-4492
- https://access.redhat.com/security/cve/CVE-2022-38752
- https://www.cve.org/CVERecord?id=CVE-2022-38752
- https://nvd.nist.gov/vuln/detail/CVE-2022-38752
- https://access.redhat.com/security/cve/CVE-2022-41853
- https://www.cve.org/CVERecord?id=CVE-2022-41853
- https://nvd.nist.gov/vuln/detail/CVE-2022-41853
- http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control
- https://github.com/advisories/GHSA-77xx-rxvh-q682
- https://access.redhat.com/security/cve/CVE-2022-41854
- https://www.cve.org/CVERecord?id=CVE-2022-41854
- https://nvd.nist.gov/vuln/detail/CVE-2022-41854
- https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
- https://access.redhat.com/security/cve/CVE-2022-41881
- https://www.cve.org/CVERecord?id=CVE-2022-41881
- https://nvd.nist.gov/vuln/detail/CVE-2022-41881
- https://access.redhat.com/security/cve/CVE-2022-45787
- https://www.cve.org/CVERecord?id=CVE-2022-45787
- https://nvd.nist.gov/vuln/detail/CVE-2022-45787
- https://access.redhat.com/security/cve/CVE-2023-0482
- https://www.cve.org/CVERecord?id=CVE-2023-0482
- https://nvd.nist.gov/vuln/detail/CVE-2023-0482
- https://access.redhat.com/security/cve/CVE-2023-1108
- https://www.cve.org/CVERecord?id=CVE-2023-1108
- https://nvd.nist.gov/vuln/detail/CVE-2023-1108
- https://github.com/advisories/GHSA-m4mm-pg93-fv78