Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:0811
HistoryMar 11, 2021 - 5:45 p.m.

(RHSA-2021:0811) Low: Red Hat Integration Tech-Preview 3 Camel K security update

2021-03-1117:45:46
access.redhat.com
78

0.004 Low

EPSS

Percentile

72.5%

JSON

This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)

  • cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface (CVE-2020-13946)

  • apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

photon 4
nessus 37
ibm 61
veracode 3
debian 3
atlassian 3
ubuntucve 2
osv 15
openvas 9
redhat 23
cve 3
cvelist 3
debiancve 2
cgr 2
amazon 1
wolfi 2
nvd 3
github 4
almalinux 2
ubuntu 1
rocky 2
oraclelinux 2
fedora 1
prion 3
redhatcve 3
mageia 1
f5 1
freebsd 1
suse 1
threatpost 1
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0179
2020-12-16 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0348
2020-12-16 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0179
2020-12-16 00:00:00
nessus
nessus
Photon OS 3.0: Cassandra PHSA-2020-3.0-0179
2020-12-22 00:00:00
Photon OS 1.0: Cassandra PHSA-2020-1.0-0348
2020-12-22 00:00:00
RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.3 (RHSA-2020:4401)
2020-10-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Apache Cassandra affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
2021-01-13 21:08:38
Security Bulletin: IBM Network Performance Insight 1.3.1 affected by Apache Cassandra vulnerability (CVE-2020-13946)
2021-02-01 11:08:57
Security Bulletin: IBM Event Streams is affected by potential data integrity issue (CVE-2020-25649)
2021-10-04 14:10:01
veracode
veracode
Man-in-the-Middle (MitM)
2020-09-02 07:26:22
XML External Entity (XXE)
2020-10-15 05:10:32
Validation Bypass
2020-10-12 04:02:04
debian
debian
[SECURITY] [DLA 2406-1] jackson-databind security update
2020-10-14 10:31:09
[SECURITY] [DLA 2405-1] httpcomponents-client security update
2020-10-10 17:12:02
[SECURITY] [DSA 4772-1] httpcomponents-client security update
2020-10-14 20:21:34
atlassian
atlassian
XXE (XML External Entity Injection) jackson-databind in Jira Software Data Center and Server
2023-12-07 21:45:20
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
2021-02-03 22:39:15
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
2021-02-03 22:39:15
ubuntucve
ubuntucve
CVE-2020-25649
2020-12-03 00:00:00
CVE-2020-13956
2020-12-02 00:00:00
osv
osv
CVE-2020-25649
2020-12-03 17:15:12
jackson-databind - security update
2020-10-14 00:00:00
Moderate: maven:3.6 security and enhancement update
2022-05-10 08:04:46
openvas
openvas
Debian: Security Advisory (DLA-2406-1)
2020-10-15 00:00:00
Fedora: Security Advisory for jackson-databind (FEDORA-2021-1d8254899c)
2021-02-10 00:00:00
Debian: Security Advisory (DLA-2405-1)
2020-10-11 00:00:00
redhat
redhat
(RHSA-2020:4312) Important: rh-maven35-jackson-databind security update
2020-10-22 16:23:56
(RHSA-2020:4402) Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
2020-10-28 21:02:44
(RHSA-2021:1260) Low: Red Hat AMQ Streams 1.7.0 release and security update
2021-04-19 17:59:54
cve
cve
CVE-2020-25649
2020-12-03 17:15:12
CVE-2020-13956
2020-12-02 17:15:14
CVE-2020-13946
2020-09-01 21:15:11
cvelist
cvelist
CVE-2020-25649
2020-12-03 16:16:50
CVE-2020-13956
2020-12-02 16:20:12
CVE-2020-13946
2020-09-01 20:49:32
debiancve
debiancve
CVE-2020-25649
2020-12-03 17:15:12
CVE-2020-13956
2020-12-02 17:15:14
cgr
cgr
CVE-2020-13956 vulnerabilities
2024-05-19 03:07:16
CVE-2020-25649 vulnerabilities
2024-05-19 03:07:16
amazon
amazon
Medium: httpcomponents-client
2023-02-17 00:11:00
wolfi
wolfi
CVE-2020-25649 vulnerabilities
2024-05-29 03:07:31
CVE-2020-13956 vulnerabilities
2024-07-01 09:08:36
nvd
nvd
CVE-2020-25649
2020-12-03 17:15:12
CVE-2020-13956
2020-12-02 17:15:14
CVE-2020-13946
2020-09-01 21:15:11
github
github
XML External Entity (XXE) Injection in Jackson Databind
2021-02-18 20:51:54
Vulnerable dependency in XTDB connector
2021-12-16 18:53:32
Cross-site scripting in Apache HttpClient
2021-06-03 23:40:23
almalinux
almalinux
Moderate: maven:3.6 security and enhancement update
2022-05-10 08:04:46
Moderate: maven:3.5 security update
2022-05-10 08:04:48
ubuntu
ubuntu
HttpClient vulnerability
2022-08-08 00:00:00
rocky
rocky
maven:3.5 security update
2022-05-10 08:04:48
maven:3.6 security and enhancement update
2022-05-10 08:04:46
oraclelinux
oraclelinux
maven:3.5 security update
2022-05-17 00:00:00
maven:3.6 security and enhancement update
2022-05-17 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: jackson-databind-2.10.5.1-1.fc32
2021-02-10 01:30:26
prion
prion
Xxe
2020-12-03 17:15:00
Cross site request forgery (csrf)
2020-12-02 17:15:00
Design/Logic Flaw
2020-09-01 21:15:00
redhatcve
redhatcve
CVE-2020-25649
2020-10-13 20:16:54
CVE-2020-13956
2020-10-08 20:22:11
CVE-2020-13946
2020-09-04 13:56:20
mageia
mageia
Updated httpcomponents-client packages fix a security vulnerability
2021-07-07 02:12:30
f5
f5
K36212405 : Apache Cassandra vulnerability CVE-2020-13946
2021-07-13 00:00:00
freebsd
freebsd
Apache Maven -- multiple vulnerabilities
2021-04-04 00:00:00
suse
suse
Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (important)
2022-05-16 00:00:00
threatpost
threatpost
IBM Squashes Critical Remote Code-Execution Flaw
2021-02-23 19:36:32

0.004 Low

EPSS

Percentile

72.5%

JSON
Related for RHSA-2021:0811
photon4nessus37ibm61veracode3debian3atlassian3ubuntucve2osv15openvas9redhat23cve3cvelist3debiancve2cgr2amazon1wolfi2nvd3github4almalinux2ubuntu1rocky2oraclelinux2fedora1prion3redhatcve3mageia1f51freebsd1suse1threatpost1