RHSA-2023:5486
Vulnerability Summary
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9
CVSS Metrics
- v3.1•HIGH•Score: 7.5•CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- redhat•eap7-activemq-artemis
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-cli
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-commons
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-core-client
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-dto
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-hornetq-protocol
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-hqclient-protocol
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-jdbc-store
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-jms-client
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-jms-server
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-journal
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-ra
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-selector
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-server
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-service-extensions
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-activemq-artemis-tools
< 0:2.16.0-15.redhat_00049.1.el9eap
- redhat•eap7-bouncycastle
< 0:1.76.0-4.redhat_00001.1.el9eap
- redhat•eap7-bouncycastle-mail
< 0:1.76.0-4.redhat_00001.1.el9eap
- redhat•eap7-bouncycastle-pg
< 0:1.76.0-4.redhat_00001.1.el9eap
- redhat•eap7-bouncycastle-pkix
< 0:1.76.0-4.redhat_00001.1.el9eap
- redhat•eap7-bouncycastle-prov
< 0:1.76.0-4.redhat_00001.1.el9eap
- redhat•eap7-bouncycastle-util
< 0:1.76.0-4.redhat_00001.1.el9eap
- redhat•eap7-hal-console
< 0:3.3.19-1.Final_redhat_00001.1.el9eap
- redhat•eap7-hibernate
< 0:5.3.31-1.Final_redhat_00001.1.el9eap
- redhat•eap7-hibernate-core
< 0:5.3.31-1.Final_redhat_00001.1.el9eap
- redhat•eap7-hibernate-envers
< 0:5.3.31-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-api
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-impl
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-spi
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-core-api
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-core-impl
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-deployers-common
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-jdbc
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-validator
< 0:1.5.15-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-marshalling
< 0:2.0.13-2.SP1_redhat_00001.1.el9eap
- redhat•eap7-jboss-marshalling-river
< 0:2.0.13-2.SP1_redhat_00001.1.el9eap
- redhat•eap7-jboss-modules
< 0:1.12.2-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-server-migration
< 0:1.10.0-31.Final_redhat_00030.1.el9eap
- redhat•eap7-jboss-server-migration-cli
< 0:1.10.0-31.Final_redhat_00030.1.el9eap
- redhat•eap7-jboss-server-migration-core
< 0:1.10.0-31.Final_redhat_00030.1.el9eap
- redhat•eap7-jboss-xnio-base
< 0:3.8.10-1.Final_redhat_00001.1.el9eap
- redhat•eap7-mod_cluster
< 0:1.4.5-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty
< 0:4.1.94-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-buffer
< 0:4.1.94-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec
< 0:4.1.94-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-dns
< 0:4.1.94-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-haproxy
< 0:4.1.94-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-http
< 0:4.1.94-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-http2
< 0:4.1.94-1.Final_redhat_00001.1.el9eap
Showing first 50 affected entries in server-rendered view.
References (57)
- https://access.redhat.com/errata/RHSA-2023:5486
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- https://bugzilla.redhat.com/show_bug.cgi?id=2182864
- https://bugzilla.redhat.com/show_bug.cgi?id=2213639
- https://bugzilla.redhat.com/show_bug.cgi?id=2215465
- https://bugzilla.redhat.com/show_bug.cgi?id=2216475
- https://bugzilla.redhat.com/show_bug.cgi?id=2216888
- https://bugzilla.redhat.com/show_bug.cgi?id=2219310
- https://bugzilla.redhat.com/show_bug.cgi?id=2228608
- https://issues.redhat.com/browse/JBEAP-24667
- https://issues.redhat.com/browse/JBEAP-24799
- https://issues.redhat.com/browse/JBEAP-24966
- https://issues.redhat.com/browse/JBEAP-24985
- https://issues.redhat.com/browse/JBEAP-25032
- https://issues.redhat.com/browse/JBEAP-25033
- https://issues.redhat.com/browse/JBEAP-25078
- https://issues.redhat.com/browse/JBEAP-25122
- https://issues.redhat.com/browse/JBEAP-25135
- https://issues.redhat.com/browse/JBEAP-25186
- https://issues.redhat.com/browse/JBEAP-25200
- https://issues.redhat.com/browse/JBEAP-25225
- https://issues.redhat.com/browse/JBEAP-25261
- https://issues.redhat.com/browse/JBEAP-25285
- https://issues.redhat.com/browse/JBEAP-25312
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5486.json
- https://access.redhat.com/security/cve/CVE-2022-25883
- https://www.cve.org/CVERecord?id=CVE-2022-25883
- https://nvd.nist.gov/vuln/detail/CVE-2022-25883
- https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
- https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://access.redhat.com/security/cve/CVE-2023-3171
- https://www.cve.org/CVERecord?id=CVE-2023-3171
- https://nvd.nist.gov/vuln/detail/CVE-2023-3171
- https://access.redhat.com/security/cve/CVE-2023-4061
- https://www.cve.org/CVERecord?id=CVE-2023-4061
- https://nvd.nist.gov/vuln/detail/CVE-2023-4061
- https://access.redhat.com/security/cve/CVE-2023-26136
- https://www.cve.org/CVERecord?id=CVE-2023-26136
- https://nvd.nist.gov/vuln/detail/CVE-2023-26136
- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e
- https://github.com/salesforce/tough-cookie/issues/282
- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3
- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html
- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://access.redhat.com/security/cve/CVE-2023-26464
- https://www.cve.org/CVERecord?id=CVE-2023-26464
- https://nvd.nist.gov/vuln/detail/CVE-2023-26464
- https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464
- https://access.redhat.com/security/cve/CVE-2023-33201
- https://www.cve.org/CVERecord?id=CVE-2023-33201
- https://nvd.nist.gov/vuln/detail/CVE-2023-33201
- https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
- https://access.redhat.com/security/cve/CVE-2023-34462
- https://www.cve.org/CVERecord?id=CVE-2023-34462
- https://nvd.nist.gov/vuln/detail/CVE-2023-34462