Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:0554
HistoryJan 31, 2023 - 1:05 p.m.

(RHSA-2023:0554) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update

2023-01-3113:05:09
access.redhat.com
39
red hat jboss
java applications
wildfly
security fix
prototype pollution
cross-site scripting
denial of service
remote code execution
java deserialization
xss vulnerability
timing attacks
parser crash
memory exhaustion
ssrf vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.063

Percentile

93.8%

JSON

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • jquery: Prototype pollution in object’s prototype leading to denial of
    service, remote code execution, or property injection (CVE-2019-11358)

  • jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

  • bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
    (CVE-2018-14040)

  • jquery: Untrusted code execution via <option> tag in HTML passed to DOM
    manipulation methods (CVE-2020-11023)

  • jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
    (CVE-2020-11022)

  • bootstrap: XSS in the data-target attribute (CVE-2016-10735)

  • bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
    (CVE-2018-14041)

  • sshd-common: mina-sshd: Java unsafe deserialization vulnerability
    (CVE-2022-45047)

  • woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
    Service attacks (CVE-2022-40152)

  • bootstrap: Cross-site Scripting (XSS) in the data-container property of
    tooltip (CVE-2018-14042)

  • bootstrap: XSS in the tooltip or popover data-template attribute
    (CVE-2019-8331)

  • nodejs-moment: Regular expression denial of service (CVE-2017-18214)

  • wildfly-elytron: possible timing attacks via use of unsafe comparator
    (CVE-2022-3143)

  • jackson-databind: use of deeply nested arrays (CVE-2022-42004)

  • jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
    (CVE-2022-42003)

  • jettison: parser crash by stackoverflow (CVE-2022-40149)

  • jettison: memory exhaustion via user-supplied XML or JSON data
    (CVE-2022-40150)

  • jettison: If the value in map is the map’s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)

  • CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)

OSVersionArchitecturePackageVersionFilename
RedHat9noarcheap7-hibernate-search-serialization-avro< 5.10.13-3.Final_redhat_00001.1.el9eapeap7-hibernate-search-serialization-avro-5.10.13-3.Final_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-jboss-jsp-api_2.3_spec< 2.0.0-3.Final_redhat_00001.1.el9eapeap7-jboss-jsp-api_2.3_spec-2.0.0-3.Final_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-jackson-datatype-jsr310< 2.12.7-1.redhat_00003.1.el9eapeap7-jackson-datatype-jsr310-2.12.7-1.redhat_00003.1.el9eap.noarch.rpm
RedHat9noarcheap7-jackson-modules-base< 2.12.7-1.redhat_00003.1.el9eapeap7-jackson-modules-base-2.12.7-1.redhat_00003.1.el9eap.noarch.rpm
RedHat9noarcheap7-wildfly-javadocs< 7.4.9-4.GA_redhat_00003.1.el9eapeap7-wildfly-javadocs-7.4.9-4.GA_redhat_00003.1.el9eap.noarch.rpm
RedHat9noarcheap7-hibernate-search-backend-jms< 5.10.13-3.Final_redhat_00001.1.el9eapeap7-hibernate-search-backend-jms-5.10.13-3.Final_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-wildfly-elytron-tool< 1.15.16-1.Final_redhat_00001.1.el9eapeap7-wildfly-elytron-tool-1.15.16-1.Final_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-wildfly-modules< 7.4.9-4.GA_redhat_00003.1.el9eapeap7-wildfly-modules-7.4.9-4.GA_redhat_00003.1.el9eap.noarch.rpm
RedHat9noarcheap7-jboss-server-migration< 1.10.0-24.Final_redhat_00023.1.el9eapeap7-jboss-server-migration-1.10.0-24.Final_redhat_00023.1.el9eap.noarch.rpm
RedHat9noarcheap7-undertow-server< 1.9.3-1.Final_redhat_00001.1.el9eapeap7-undertow-server-1.9.3-1.Final_redhat_00001.1.el9eap.noarch.rpm
Rows per page:
1-10 of 451

Related

redhat 12
nessus 45
amazon 1
ics 1
hackerone 1
ibm 69
rocky 2
oraclelinux 4
osv 11
centos 1
almalinux 2
laminas 1
rubygems 3
atlassian 6
altlinux 1
ubuntu 1
debian 3
openvas 11
jvn 1
github 3
f5 1
ubuntucve 1
debiancve 1
cve 1
nvd 1
prion 1
gitlab 1
cvelist 1
gentoo 1
checkpoint_advisories 1
githubexploit 2
fedora 1
joomla 1
attackerkb 2
hp 2
suse 1
drupal 1
redhat
redhat
(RHSA-2023:0553) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:04:53
(RHSA-2023:0552) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:04:41
(RHSA-2023:0556) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:12:10
nessus
nessus
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0554)
2023-01-31 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0552)
2023-01-31 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0553)
2023-01-31 00:00:00
amazon
amazon
Medium: ipa
2020-10-22 17:40:00
ics
ics
Mitsubishi Electric EcoWebServerIII
2022-02-24 12:00:00
hackerone
hackerone
Sifchain: Vulnerable javascript dependency at Main domain
2021-05-07 20:48:11
ibm
ibm
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
2023-04-19 17:26:48
Security Bulletin: jQuery included in ITNM is vulnerable to Cross-site Scripting (XSS) attacks (multiple vulnerabilities)
2023-01-05 15:14:50
Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs)
2023-02-01 21:57:35
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
oraclelinux
oraclelinux
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-10 00:00:00
osv
osv
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
libjettison-java vulnerabilities
2023-06-19 11:39:43
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
laminas
laminas
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
rubygems
rubygems
XSS vulnerabilities via data-parent, data-target, data-container in bootstrap
2018-07-02 21:00:00
Bootstrap Cross-site Scripting vulnerability
2018-09-12 21:00:00
Bootstrap Cross-site Scripting vulnerability
2018-09-12 21:00:00
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251
2021-02-16 18:28:38
Jira uses vulnerable jQuery version CVE-2015-9251
2020-04-20 13:29:57
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
ubuntu
ubuntu
Jettison vulnerabilities
2023-06-19 00:00:00
debian
debian
[SECURITY] [DSA 5312-1] libjettison-java security update
2023-01-10 23:10:35
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:21
openvas
openvas
Ubuntu: Security Advisory (USN-6177-1)
2023-06-20 00:00:00
Debian: Security Advisory (DSA-5312-1)
2023-01-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
jvn
jvn
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
2019-03-15 00:00:00
github
github
Bootstrap Cross-site Scripting vulnerability
2018-09-13 15:50:32
Bootstrap Cross-site Scripting vulnerability
2018-09-13 15:49:56
Bootstrap Cross-site Scripting vulnerability
2019-01-17 13:57:27
f5
f5
K000133673 : Bootstrap vulnerability CVE-2016-10735
2023-04-27 00:00:00
ubuntucve
ubuntucve
CVE-2016-10735
2019-01-09 00:00:00
debiancve
debiancve
CVE-2016-10735
2019-01-09 05:29:00
cve
cve
CVE-2016-10735
2019-01-09 05:29:00
nvd
nvd
CVE-2016-10735
2019-01-09 05:29:00
prion
prion
Code injection
2019-01-09 05:29:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2019-01-09 00:00:00
cvelist
cvelist
CVE-2016-10735
2019-01-09 05:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
attackerkb
attackerkb
CVE-2020-11023
2020-04-29 00:00:00
CVE-2020-11022
2020-04-29 00:00:00
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
Certain HP Printers and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.063

Percentile

93.8%

JSON
Related for RHSA-2023:0554
redhat12nessus45amazon1ics1hackerone1ibm69rocky2oraclelinux4osv11centos1almalinux2laminas1rubygems3atlassian6altlinux1ubuntu1debian3openvas11jvn1github3f51ubuntucve1debiancve1cve1nvd1prion1gitlab1cvelist1gentoo1checkpoint_advisories1githubexploit2fedora1joomla1attackerkb2hp2suse1drupal1