Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:1686
HistoryApr 04, 2024 - 9:09 p.m.

(RHSA-2024:1686) Moderate: Red Hat Single Sign-On 7.6.7 for OpenShift image security update

2024-04-0421:09:13
access.redhat.com
15
red hat
single sign-on
security update
rhel-8
container images
postgresql jdbc driver
maxminddb
nss
red hat container catalog
unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.004

Percentile

73.2%

JSON

The rh-sso-7/sso76-openshift-rhel8 container image has been updated for RHEL-8 based Middleware Containers to address the following security advisory: RHSA-2023:5837 (see References)

Users of rh-sso-7/sso76-openshift-rhel8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

Security Fix(es):

  • pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)

  • libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)

  • nss: vulnerable to Minerva side-channel information leak (CVE-2023-6135)

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Related

redhat 18
ubuntucve 3
nessus 59
osv 28
openvas 16
gentoo 1
mageia 2
cvelist 3
almalinux 5
alpinelinux 3
cve 3
ubuntu 4
fedora 3
veracode 2
prion 3
oraclelinux 6
ibm 10
rocky 4
nvd 3
atlassian 3
debiancve 3
vulnrichment 2
hivepro 1
thn 1
f5 1
github 1
malwarebytes 1
debian 2
redhatcve 3
cgr 1
wolfi 1
amazon 1
redos 1
rosalinux 1
redhat
redhat
(RHSA-2024:0845) Critical: OpenShift Container Platform 4.13.34 security update
2024-02-21 01:36:00
(RHSA-2024:0751) Moderate: libmaxminddb security update
2024-02-08 17:22:47
(RHSA-2024:0790) Moderate: nss security update
2024-02-12 16:31:35
ubuntucve
ubuntucve
CVE-2020-28241
2020-11-06 00:00:00
CVE-2024-1597
2024-02-19 00:00:00
CVE-2023-6135
2023-12-20 00:00:00
nessus
nessus
CentOS 8 : libmaxminddb (CESA-2024:0768)
2024-02-12 00:00:00
Oracle Linux 8 : libmaxminddb (ELSA-2024-0768)
2024-02-12 00:00:00
RHEL 8 : libmaxminddb (RHSA-2024:0750)
2024-02-09 00:00:00
osv
osv
Moderate: libmaxminddb security update
2024-02-12 00:00:00
CVE-2020-28241
2020-11-06 05:15:10
Moderate: nss security update
2024-03-12 15:41:47
openvas
openvas
Huawei EulerOS: Security Advisory for libmaxminddb (EulerOS-SA-2021-1152)
2021-02-02 00:00:00
Fedora: Security Advisory for libmaxminddb (FEDORA-2020-1fb1785fa1)
2020-12-26 00:00:00
Debian: Security Advisory (DLA-2445-1)
2020-11-11 00:00:00
gentoo
gentoo
libmaxminddb: Denial of service
2020-11-14 00:00:00
mageia
mageia
Updated libmaxminddb packages fix security vulnerability
2020-12-28 22:09:43
Updated postgresql-jdbc packages fix security vulnerability
2024-04-12 02:58:49
cvelist
cvelist
CVE-2020-28241
2020-11-06 04:43:12
CVE-2024-1597 pgjdbc SQL Injection via line comment generation
2024-02-19 12:58:48
CVE-2023-6135
2023-12-19 13:38:46
almalinux
almalinux
Moderate: nss security update
2024-02-12 00:00:00
Important: postgresql-jdbc security update
2024-03-20 00:00:00
Moderate: libmaxminddb security update
2024-02-12 00:00:00
alpinelinux
alpinelinux
CVE-2023-6135
2023-12-19 14:15:07
CVE-2020-28241
2020-11-06 05:15:10
CVE-2024-1597
2024-02-19 13:15:07
cve
cve
CVE-2020-28241
2020-11-06 05:15:10
CVE-2023-6135
2023-12-19 14:15:07
CVE-2024-1597
2024-02-19 13:15:07
ubuntu
ubuntu
libmaxminddb vulnerability
2020-11-12 00:00:00
libmaxminddb vulnerability
2022-11-30 00:00:00
NSS regression
2024-04-11 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: libmaxminddb-1.4.3-1.fc32
2020-12-26 01:19:00
[SECURITY] Fedora 33 Update: libmaxminddb-1.4.3-1.fc33
2020-12-26 01:37:30
[SECURITY] Fedora 40 Update: postgresql-jdbc-42.7.3-1.fc40
2024-03-23 00:53:40
veracode
veracode
Denial Of Service (DoS)
2020-12-30 16:52:44
Sql Injection
2024-02-20 07:34:50
prion
prion
Heap overflow
2020-11-06 05:15:00
Code injection
2023-12-19 14:15:00
Sql injection
2024-02-19 13:15:00
oraclelinux
oraclelinux
postgresql-jdbc security update
2024-03-20 00:00:00
nss security update
2024-02-13 00:00:00
libmaxminddb security update
2024-02-12 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar
2024-04-30 17:34:16
Security Bulletin: IBM Maximo Application Suite uses postgresql-42.3.8.jar which is vulnerable to CVE-2024-1597
2024-04-01 07:41:36
Security Bulletin: An IBM QRadar SIEM JDBC protocol is vulnerable to SQL injection (CVE-2024-1597)
2024-05-15 08:37:11
rocky
rocky
postgresql-jdbc security update
2024-05-10 14:32:42
libmaxminddb security update
2024-03-12 15:41:47
postgresql-jdbc security update
2024-03-27 04:34:32
nvd
nvd
CVE-2024-1597
2024-02-19 13:15:07
CVE-2020-28241
2020-11-06 05:15:10
CVE-2023-6135
2023-12-19 14:15:07
atlassian
atlassian
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Confluence Data Center and Server
2024-05-16 04:11:13
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server
2024-04-10 07:45:35
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server
2024-03-14 05:46:01
debiancve
debiancve
CVE-2020-28241
2020-11-06 05:15:10
CVE-2023-6135
2023-12-19 14:15:07
CVE-2024-1597
2024-02-19 13:15:07
vulnrichment
vulnrichment
CVE-2023-6135
2023-12-19 13:38:46
CVE-2024-1597 pgjdbc SQL Injection via line comment generation
2024-02-19 12:58:48
hivepro
hivepro
Critical SQL Injection Vulnerability Discovered in Atlassian Bamboo
2024-03-23 02:06:59
thn
thn
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug
2024-03-21 03:34:00
f5
f5
K000139489 : PostgreSQL JDBC Driver vulnerability CVE-2024-1597
2024-05-02 00:00:00
github
github
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
2024-02-21 23:33:43
malwarebytes
malwarebytes
Was T-Mobile compromised by a zero-day in Jira?
2024-06-21 07:34:25
debian
debian
[SECURITY] [DLA 2445-1] libmaxminddb security update
2020-11-10 18:25:00
[SECURITY] [DLA 3812-1] libpgjava security update
2024-05-09 22:17:36
redhatcve
redhatcve
CVE-2020-28241
2020-11-06 14:59:19
CVE-2024-1597
2024-02-28 08:10:45
CVE-2023-6135
2024-01-11 09:00:57
cgr
cgr
CVE-2024-1597 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-1597 vulnerabilities
2024-10-01 21:13:23
amazon
amazon
Medium: nss-softokn
2024-02-15 03:52:00
redos
redos
ROS-20240807-07
2024-08-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2323
2024-01-09 10:03:06

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.004

Percentile

73.2%

JSON
Related for RHSA-2024:1686
redhat18ubuntucve3nessus59osv28openvas16gentoo1mageia2cvelist3almalinux5alpinelinux3cve3ubuntu4fedora3veracode2prion3oraclelinux6ibm10rocky4nvd3atlassian3debiancve3vulnrichment2hivepro1thn1f51github1malwarebytes1debian2redhatcve3cgr1wolfi1amazon1redos1rosalinux1