Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:0710
HistoryFeb 06, 2024 - 7:47 p.m.

(RHSA-2024:0710) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update

2024-02-0619:47:42
access.redhat.com
42
red hat jboss enterprise application platform
security update
java applications
santuario
jgit
cve-2023-44483
cve-2023-4759
cvss score
references
bug fixes

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.002

Percentile

58.0%

JSON

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • santuario: Private Key disclosure in debug-log output [eap-7.4.z] (CVE-2023-44483)

  • jgit: arbitrary file overwrite [eap-7.4.z] (CVE-2023-4759)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarcheap7-resteasy-json-binding-provider< 3.15.9-1.Final_redhat_00001.1.el7eapeap7-resteasy-json-binding-provider-3.15.9-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-ironjacamar-common-spi< 1.5.16-1.Final_redhat_00001.1.el7eapeap7-ironjacamar-common-spi-1.5.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-resteasy-jackson-provider< 3.15.9-1.Final_redhat_00001.1.el7eapeap7-resteasy-jackson-provider-3.15.9-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-resteasy-jettison-provider< 3.15.9-1.Final_redhat_00001.1.el7eapeap7-resteasy-jettison-provider-3.15.9-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-resteasy-cdi< 3.15.9-1.Final_redhat_00001.1.el7eapeap7-resteasy-cdi-3.15.9-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-wildfly-javadocs< 7.4.15-2.GA_redhat_00002.1.el7eapeap7-wildfly-javadocs-7.4.15-2.GA_redhat_00002.1.el7eap.noarch.rpm
RedHat7noarcheap7-hibernate-envers< 5.3.33-2.Final_redhat_00001.1.el7eapeap7-hibernate-envers-5.3.33-2.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-log4j2-jboss-logmanager< 1.1.2-1.Final_redhat_00002.1.el7eapeap7-log4j2-jboss-logmanager-1.1.2-1.Final_redhat_00002.1.el7eap.noarch.rpm
RedHat7noarcheap7-eclipse-jgit< 5.13.2-1.SP1_redhat_00001.1.el7eapeap7-eclipse-jgit-5.13.2-1.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-jbossws-spi< 3.4.0-4.Final_redhat_00002.1.el7eapeap7-jbossws-spi-3.4.0-4.Final_redhat_00002.1.el7eap.noarch.rpm
Rows per page:
1-10 of 551

Related

redhat 13
nessus 11
osv 8
ibm 45
nvd 3
prion 2
debiancve 2
ubuntucve 2
redhatcve 2
vulnrichment 2
github 2
cgr 1
veracode 2
cve 3
wolfi 1
cvelist 2
openvas 2
atlassian 1
oracle 3
redhat
redhat
(RHSA-2024:0714) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
2024-02-06 19:53:54
(RHSA-2024:0712) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 security update
2024-02-06 19:47:54
(RHSA-2024:0711) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
2024-02-06 19:47:48
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.15 Security update (Moderate) (RHSA-2024:0711)
2024-02-07 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.15 Security update (Moderate) (RHSA-2024:0710)
2024-02-07 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.15 (RHSA-2024:0712)
2024-02-07 00:00:00
osv
osv
CGA-mcc2-jcp7-fh6p
2024-06-06 12:26:10
CGA-453v-gv28-777p
2024-06-06 12:22:21
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
2023-10-20 12:31:04
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by an information leak vulnerability (CVE-2023-44483)
2024-01-24 18:41:05
Security Bulletin: Information disclosure vulnerability in IBM WebSphere Application Server Liberty affect IBM Business Automation Workflow - CVE-2023-44483
2024-03-01 16:21:57
Security Bulletin: IBM Maximo Application Predict Component uses WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario which is vulnerable to CVE-2023-44483
2024-02-28 13:48:11
nvd
nvd
CVE-2023-44483
2023-10-20 10:15:12
CVE-2023-4759
2023-09-12 10:15:29
CVE-2024-41807
2024-07-26 16:15:03
prion
prion
Code injection
2023-10-20 10:15:00
Design/Logic Flaw
2023-09-12 10:15:00
debiancve
debiancve
CVE-2023-44483
2023-10-20 10:15:12
CVE-2023-4759
2023-09-12 10:15:29
ubuntucve
ubuntucve
CVE-2023-44483
2023-10-20 00:00:00
CVE-2023-4759
2023-09-12 00:00:00
redhatcve
redhatcve
CVE-2023-44483
2023-10-27 12:29:31
CVE-2023-4759
2023-09-12 19:54:09
vulnrichment
vulnrichment
CVE-2023-44483 Apache Santuario: Private Key disclosure in debug-log output
2023-10-20 09:23:53
CVE-2023-4759 Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write
2023-09-12 09:12:10
github
github
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
2023-10-20 12:31:04
Arbitrary File Overwrite in Eclipse JGit
2023-09-18 15:30:18
cgr
cgr
CVE-2023-44483 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Information Disclosure
2023-10-25 08:59:16
Arbitrary File Overwrite
2023-09-21 11:12:57
cve
cve
CVE-2023-44483
2023-10-20 10:15:12
CVE-2023-4759
2023-09-12 10:15:29
CVE-2024-41807
2024-07-26 16:15:03
wolfi
wolfi
CVE-2023-44483 vulnerabilities
2024-10-01 09:27:37
cvelist
cvelist
CVE-2023-44483 Apache Santuario: Private Key disclosure in debug-log output
2023-10-20 09:23:53
CVE-2023-4759 Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write
2023-09-12 09:12:10
openvas
openvas
openSUSE: Security Advisory for eclipse (SUSE-SU-2024:0057-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0057-1)
2024-01-09 00:00:00
atlassian
atlassian
RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server
2024-05-13 10:10:37
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.002

Percentile

58.0%

JSON
Related for RHSA-2024:0710
redhat13nessus11osv8ibm45nvd3prion2debiancve2ubuntucve2redhatcve2vulnrichment2github2cgr1veracode2cve3wolfi1cvelist2openvas2atlassian1oracle3