Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:3516
HistorySep 13, 2021 - 5:30 p.m.

(RHSA-2021:3516) Important: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base

2021-09-1317:30:33
access.redhat.com
28

0.002 Low

EPSS

Percentile

54.3%

JSON

These are CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP2 code base.

Security Fix(es):

  • undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

  • undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)

  • jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)

  • apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)

  • wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 26
nessus 27
cve 5
osv 12
debiancve 4
ubuntucve 4
cvelist 5
ibm 51
redhatcve 5
veracode 3
github 5
prion 5
nvd 5
amazon 1
openvas 5
ubuntu 1
attackerkb 1
suse 1
broadcom 1
debian 1
redos 6
oracle 9
redhat
redhat
(RHSA-2021:3471) Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update
2021-09-08 11:48:32
(RHSA-2021:3466) Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 6
2021-09-08 11:38:57
(RHSA-2021:3468) Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 8
2021-09-08 11:39:05
nessus
nessus
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 6 (Important) (RHSA-2021:3466)
2022-09-15 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 7 (Important) (RHSA-2021:3467)
2022-09-15 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 8 (Important) (RHSA-2021:3468)
2022-09-15 00:00:00
cve
cve
CVE-2021-28170
2021-05-26 22:15:07
CVE-2021-29425
2021-04-13 07:15:12
CVE-2021-3690
2022-08-23 16:15:09
osv
osv
CVE-2021-28170
2021-05-26 22:15:07
Improper Input Validation in Jakarta Expression Language
2021-10-06 17:48:38
commons-io - security update
2021-08-12 00:00:00
debiancve
debiancve
CVE-2021-28170
2021-05-26 22:15:07
CVE-2021-29425
2021-04-13 07:15:12
CVE-2021-3597
2022-05-24 19:15:09
ubuntucve
ubuntucve
CVE-2021-28170
2021-05-26 00:00:00
CVE-2021-29425
2021-04-13 00:00:00
CVE-2021-3690
2022-08-23 00:00:00
cvelist
cvelist
CVE-2021-28170
2021-05-26 21:55:09
CVE-2021-29425 Possible limited path traversal vulnerabily in Apache Commons IO
2021-04-13 06:50:12
CVE-2021-3690
2022-08-23 15:50:35
ibm
ibm
Security Bulletin: IBM Sterling Control Center is vulnerable to remote attacker security restrictions bypass due to Eclipse EE4J Jakarta Expression Language (CVE-2021-28170)
2022-06-13 17:43:38
Security Bulletin: IBM Transparent Cloud Tiering is affected by a vulnerability in Apache Commons IO ( CVE-2021-29425)
2021-08-14 03:30:51
Security Bulletin: Vulnerability in commons-io affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2021-29425]
2023-03-31 11:54:32
redhatcve
redhatcve
CVE-2021-28170
2021-05-28 00:47:39
CVE-2021-29425
2021-04-12 21:16:13
CVE-2021-3690
2021-08-09 01:56:47
veracode
veracode
Insecure Token
2021-12-27 00:42:17
Directory Traversal
2021-04-13 06:39:15
Denial Of Service (DoS)
2021-12-27 00:41:34
github
github
Improper Input Validation in Jakarta Expression Language
2021-10-06 17:48:38
Path Traversal and Improper Input Validation in Apache Commons IO
2021-04-26 16:04:00
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
2022-08-27 00:00:45
prion
prion
Code injection
2021-05-26 22:15:00
Path traversal
2021-04-13 07:15:00
Design/Logic Flaw
2022-08-23 16:15:00
nvd
nvd
CVE-2021-28170
2021-05-26 22:15:07
CVE-2021-29425
2021-04-13 07:15:12
CVE-2021-3690
2022-08-23 16:15:09
amazon
amazon
Medium: apache-commons-io
2023-05-25 17:41:00
openvas
openvas
openSUSE: Security Advisory for apache-commons-io (openSUSE-SU-2021:0605-1)
2021-04-24 00:00:00
Ubuntu: Security Advisory (USN-5095-1)
2021-09-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1282-1)
2021-06-09 00:00:00
ubuntu
ubuntu
Apache Commons IO vulnerability
2021-09-29 00:00:00
attackerkb
attackerkb
CVE-2021-29425
2021-04-13 00:00:00
suse
suse
Security update for apache-commons-io (moderate)
2021-04-23 00:00:00
broadcom
broadcom
Apache Commons IO Vulnerability (CVE-2021-29425)
2023-12-18 00:00:00
debian
debian
[SECURITY] [DLA 2741-1] commons-io security update
2021-08-12 20:18:44
redos
redos
ROS-2-815
2021-09-08 00:00:00
ROS-2-604
2021-09-08 00:00:00
ROS-2-626
2021-09-08 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00

0.002 Low

EPSS

Percentile

54.3%

JSON
Related for RHSA-2021:3516
redhat26nessus27cve5osv12debiancve4ubuntucve4cvelist5ibm51redhatcve5veracode3github5prion5nvd5amazon1openvas5ubuntu1attackerkb1suse1broadcom1debian1redos6oracle9