Medium: resteasy-base

🗓️ 09 Jan 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 2 Views

RESTEasy up to 4.6.0.Final leaks endpoint names in errors and uses insecure temporary files.

Reporter	Title	Published	Views	Family All 187
IBM Security Bulletins	Security Bulletin: RESTEasy component is vulnerable to CVE-2023-0482 is used by IBM Maximo Application Suite	18 Aug 202316:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to privilege escalation due to IBM WebSphere Application Server Liberty (CVE-2023-0482)	30 Sep 202304:29	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5	30 Apr 202418:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)	1 Oct 202406:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access (CVE-2023-46158, CVE-2023-0482, CVE-2022-46364, CVE-2023-28867)	17 Jan 202415:13	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation - CVE-2023-0482	24 Apr 202312:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities	26 Mar 202503:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Protect Operations Center is vulnerable to a privilege escalation due to IBM WebSphere Application Server Liberty (CVE-2023-0482)	22 Jun 202318:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)	14 Apr 202320:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty	27 Sep 202314:07	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	any	resteasy-base	3.0.6-4.amzn2.0.1	resteasy-base-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-atom-provider	3.0.6-4.amzn2.0.1	resteasy-base-atom-provider-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-client	3.0.6-4.amzn2.0.1	resteasy-base-client-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-jackson-provider	3.0.6-4.amzn2.0.1	resteasy-base-jackson-provider-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-javadoc	3.0.6-4.amzn2.0.1	resteasy-base-javadoc-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-jaxb-provider	3.0.6-4.amzn2.0.1	resteasy-base-jaxb-provider-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-jaxrs	3.0.6-4.amzn2.0.1	resteasy-base-jaxrs-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-jaxrs-all	3.0.6-4.amzn2.0.1	resteasy-base-jaxrs-all-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-jaxrs-api	3.0.6-4.amzn2.0.1	resteasy-base-jaxrs-api-3.0.6-4.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	resteasy-base-jettison-provider	3.0.6-4.amzn2.0.1	resteasy-base-jettison-provider-3.0.6-4.amzn2.0.1.noarch.rpm

09 Jan 2024 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 25

CVSS 3.15.5

EPSS0.00084

SSVC

resteasy base endpoint names error responses insecure temp files data confidentiality cve-2021-20289 cve-2023-0482