Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:2210
HistoryJun 02, 2021 - 1:46 p.m.

(RHSA-2021:2210) Moderate: EAP XP 1 security update to CVE fixes in the EAP 7.3.x base

2021-06-0213:46:47
access.redhat.com
84

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

77.6%

JSON

These are CVE issues filed against XP1 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP1 code base.

Security Fix(es):

  • velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)

  • bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  • jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)

  • undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)

  • wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)

  • netty: Information disclosure via the local system temporary directory (CVE-2021-21290)

  • guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 31
redhat 16
ubuntucve 7
redhatcve 9
osv 20
github 9
nvd 9
prion 9
cve 9
debiancve 7
cvelist 9
freebsd 1
veracode 7
amazon 1
openvas 15
suse 1
mageia 4
ibm 24
debian 2
atlassian 1
githubexploit 2
cbl_mariner 2
cgr 1
ubuntu 1
wolfi 1
gentoo 1
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0874)
2021-03-17 00:00:00
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0872)
2021-03-17 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0873)
2021-03-17 00:00:00
redhat
redhat
(RHSA-2021:0885) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update
2021-03-16 13:12:46
(RHSA-2021:0874) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update
2021-03-16 13:03:50
(RHSA-2021:0872) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update
2021-03-16 13:02:17
ubuntucve
ubuntucve
CVE-2021-20220
2021-02-23 00:00:00
CVE-2020-28052
2020-12-18 00:00:00
CVE-2020-8908
2020-12-10 00:00:00
redhatcve
redhatcve
CVE-2021-20220
2021-02-04 00:51:57
CVE-2020-35510
2021-01-05 22:30:36
CVE-2020-28052
2021-01-05 14:33:33
osv
osv
CVE-2021-20220
2021-02-23 18:15:13
HTTP request smuggling in Undertow
2021-06-16 17:47:52
CVE-2020-35510
2021-06-02 14:15:09
github
github
HTTP request smuggling in Undertow
2021-06-16 17:47:52
Uncontrolled Resource Consumption in jboss-remoting
2022-03-18 17:58:30
Logic error in Legion of the Bouncy Castle BC Java
2021-04-30 16:14:15
nvd
nvd
CVE-2021-20220
2021-02-23 18:15:13
CVE-2020-35510
2021-06-02 14:15:09
CVE-2020-28052
2020-12-18 01:15:12
prion
prion
Design/Logic Flaw
2021-02-23 18:15:00
Input validation
2021-06-02 14:15:00
Design/Logic Flaw
2020-12-18 01:15:00
cve
cve
CVE-2021-20220
2021-02-23 18:15:13
CVE-2020-35510
2021-06-02 14:15:09
CVE-2020-28052
2020-12-18 01:15:12
debiancve
debiancve
CVE-2021-20220
2021-02-23 18:15:13
CVE-2020-13936
2021-03-10 08:15:14
CVE-2020-28052
2020-12-18 01:15:12
cvelist
cvelist
CVE-2021-20220
2021-02-23 17:21:44
CVE-2020-35510
2021-06-02 13:22:16
CVE-2020-28052
2020-12-18 00:52:48
freebsd
freebsd
bouncycastle15 -- bcrypt password checking vulnerability
2020-11-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-12-27 00:41:18
Remote Code Execution
2021-03-04 04:14:51
Insecure Password Matching
2020-12-18 08:45:52
amazon
amazon
Important: velocity
2021-07-14 20:45:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0183)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for velocity (EulerOS-SA-2021-1858)
2021-05-03 00:00:00
Huawei EulerOS: Security Advisory for velocity (EulerOS-SA-2021-2437)
2021-09-15 00:00:00
suse
suse
Security update for velocity (important)
2021-03-19 00:00:00
mageia
mageia
Updated velocity packages fix security vulnerability
2021-04-12 22:59:59
Updated guava packages fix security vulnerability
2021-01-10 22:46:12
Updated netty packages fix a security vulnerability
2021-03-15 00:20:42
ibm
ibm
Security Bulletin: IBM Match 360 is affected due to a denial of service due to vulnerability in Apache Velocity Engine [CVE-2020-13936]
2023-09-01 16:32:38
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Velocity
2024-06-26 10:47:34
Security Bulletin: Guava Google Core Libraries Vulnerability Affects IBM Control Center (CVE-2020-8908)
2021-05-14 21:12:08
debian
debian
[SECURITY] [DLA 2595-1] velocity security update
2021-03-17 12:25:07
[SECURITY] [DLA 2555-1] netty security update
2021-02-11 13:02:37
atlassian
atlassian
org.apache.velocity Vulnerability in Bitbucket Data Center and Server
2023-09-26 16:12:29
githubexploit
githubexploit
Exploit for CVE-2020-28052
2021-01-04 17:13:39
Exploit for CVE-2020-28052
2020-12-19 22:22:45
cbl_mariner
cbl_mariner
CVE-2020-8908 affecting package guava for versions less than 25.0-7
2023-09-13 02:10:38
CVE-2020-8908 affecting package guava 25.0-5
2024-07-05 21:08:40
cgr
cgr
CVE-2020-8908 vulnerabilities
2024-05-19 03:07:16
ubuntu
ubuntu
Velocity Engine vulnerability
2023-08-10 00:00:00
wolfi
wolfi
CVE-2020-8908 vulnerabilities
2024-07-05 21:08:40
gentoo
gentoo
Apache Velocity: Multiple vulnerabilities
2021-07-23 00:00:00

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

77.6%

JSON
Related for RHSA-2021:2210
nessus31redhat16ubuntucve7redhatcve9osv20github9nvd9prion9cve9debiancve7cvelist9freebsd1veracode7amazon1openvas15suse1mageia4ibm24debian2atlassian1githubexploit2cbl_mariner2cgr1ubuntu1wolfi1gentoo1