CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
87.3%
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3453 advisory.
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR5-FP5.
Security Fix(es):
* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544, CVE-2017-10053, CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For this update to take effect, Red Hat Satellite must be restarted (/usr/sbin/rhn-satellite restart). All running instances of IBM Java must be restarted for this update to take effect.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:3453. The text
# itself is copyright (C) Red Hat, Inc.
#
include('compat.inc');
if (description)
{
script_id(105267);
script_version("3.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id(
"CVE-2016-10165",
"CVE-2016-9840",
"CVE-2016-9841",
"CVE-2016-9842",
"CVE-2016-9843",
"CVE-2017-10053",
"CVE-2017-10067",
"CVE-2017-10078",
"CVE-2017-10087",
"CVE-2017-10089",
"CVE-2017-10090",
"CVE-2017-10096",
"CVE-2017-10101",
"CVE-2017-10102",
"CVE-2017-10105",
"CVE-2017-10107",
"CVE-2017-10108",
"CVE-2017-10109",
"CVE-2017-10110",
"CVE-2017-10115",
"CVE-2017-10116",
"CVE-2017-10243",
"CVE-2017-10281",
"CVE-2017-10285",
"CVE-2017-10295",
"CVE-2017-10309",
"CVE-2017-10345",
"CVE-2017-10346",
"CVE-2017-10347",
"CVE-2017-10348",
"CVE-2017-10349",
"CVE-2017-10350",
"CVE-2017-10355",
"CVE-2017-10356",
"CVE-2017-10357",
"CVE-2017-10388",
"CVE-2017-1289",
"CVE-2017-3509",
"CVE-2017-3511",
"CVE-2017-3533",
"CVE-2017-3539",
"CVE-2017-3544"
);
script_xref(name:"RHSA", value:"2017:3453");
script_name(english:"RHEL 6 : java-1.8.0-ibm (RHSA-2017:3453)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for java-1.8.0-ibm.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2017:3453 advisory.
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR5-FP5.
Security Fix(es):
* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security Vulnerabilities
page listed in the References section. (CVE-2016-9840, CVE-2016-9841,
CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-1289, CVE-2017-3509,
CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544, CVE-2017-10053,
CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089,
CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102,
CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109,
CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243,
CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309,
CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348,
CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356,
CVE-2017-10357, CVE-2017-10388)
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For this update to take effect, Red Hat Satellite must be restarted
(/usr/sbin/rhn-satellite restart). All running instances of IBM Java must
be restarted for this update to take effect.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2017/rhsa-2017_3453.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e54895e4");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:3453");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1367357");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1402345");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1402346");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1402348");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1402351");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1443007");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1443052");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1443068");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1443083");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1443097");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1449603");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471266");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471270");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471517");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471521");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471523");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471527");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471528");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471535");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471670");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471738");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471851");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471888");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471889");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471898");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1472345");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1472666");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1472667");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1501868");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1501873");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502611");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502614");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502629");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502632");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502640");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502649");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502687");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502858");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502869");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1503169");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1503319");
script_set_attribute(attribute:"solution", value:
"Update the RHEL java-1.8.0-ibm package based on the guidance in RHSA-2017:3453.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9843");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(113, 125, 20, 287, 327, 345, 385, 426, 611, 770);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/03");
script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/server/6/6Server/x86_64/satellite/5.8/debug',
'content/dist/rhel/server/6/6Server/x86_64/satellite/5.8/os',
'content/dist/rhel/server/6/6Server/x86_64/satellite/5.8/source/SRPMS',
'content/dist/rhel/system-z/6/6Server/s390x/satellite/5.8/debug',
'content/dist/rhel/system-z/6/6Server/s390x/satellite/5.8/os',
'content/dist/rhel/system-z/6/6Server/s390x/satellite/5.8/source/SRPMS'
],
'pkgs': [
{'reference':'java-1.8.0-ibm-1.8.0.5.5-1jpp.1.el6_9', 'cpu':'s390x', 'release':'6', 'el_string':'el6_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-ibm-1.8.0.5.5-1jpp.1.el6_9', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-ibm-devel-1.8.0.5.5-1jpp.1.el6_9', 'cpu':'s390x', 'release':'6', 'el_string':'el6_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-ibm-devel-1.8.0.5.5-1jpp.1.el6_9', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-ibm / java-1.8.0-ibm-devel');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10295
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3544
www.nessus.org/u?e54895e4
access.redhat.com/errata/RHSA-2017:3453
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1367357
bugzilla.redhat.com/show_bug.cgi?id=1402345
bugzilla.redhat.com/show_bug.cgi?id=1402346
bugzilla.redhat.com/show_bug.cgi?id=1402348
bugzilla.redhat.com/show_bug.cgi?id=1402351
bugzilla.redhat.com/show_bug.cgi?id=1443007
bugzilla.redhat.com/show_bug.cgi?id=1443052
bugzilla.redhat.com/show_bug.cgi?id=1443068
bugzilla.redhat.com/show_bug.cgi?id=1443083
bugzilla.redhat.com/show_bug.cgi?id=1443097
bugzilla.redhat.com/show_bug.cgi?id=1449603
bugzilla.redhat.com/show_bug.cgi?id=1471266
bugzilla.redhat.com/show_bug.cgi?id=1471270
bugzilla.redhat.com/show_bug.cgi?id=1471517
bugzilla.redhat.com/show_bug.cgi?id=1471521
bugzilla.redhat.com/show_bug.cgi?id=1471523
bugzilla.redhat.com/show_bug.cgi?id=1471527
bugzilla.redhat.com/show_bug.cgi?id=1471528
bugzilla.redhat.com/show_bug.cgi?id=1471535
bugzilla.redhat.com/show_bug.cgi?id=1471670
bugzilla.redhat.com/show_bug.cgi?id=1471738
bugzilla.redhat.com/show_bug.cgi?id=1471851
bugzilla.redhat.com/show_bug.cgi?id=1471888
bugzilla.redhat.com/show_bug.cgi?id=1471889
bugzilla.redhat.com/show_bug.cgi?id=1471898
bugzilla.redhat.com/show_bug.cgi?id=1472345
bugzilla.redhat.com/show_bug.cgi?id=1472666
bugzilla.redhat.com/show_bug.cgi?id=1472667
bugzilla.redhat.com/show_bug.cgi?id=1501868
bugzilla.redhat.com/show_bug.cgi?id=1501873
bugzilla.redhat.com/show_bug.cgi?id=1502038
bugzilla.redhat.com/show_bug.cgi?id=1502611
bugzilla.redhat.com/show_bug.cgi?id=1502614
bugzilla.redhat.com/show_bug.cgi?id=1502629
bugzilla.redhat.com/show_bug.cgi?id=1502632
bugzilla.redhat.com/show_bug.cgi?id=1502640
bugzilla.redhat.com/show_bug.cgi?id=1502649
bugzilla.redhat.com/show_bug.cgi?id=1502687
bugzilla.redhat.com/show_bug.cgi?id=1502858
bugzilla.redhat.com/show_bug.cgi?id=1502869
bugzilla.redhat.com/show_bug.cgi?id=1503169
bugzilla.redhat.com/show_bug.cgi?id=1503319
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
87.3%