(RHSA-2020:2062) Important: Red Hat JBoss Enterprise Application Platform 7.2 security update

2020-05-12T00:09:56
ID RHSA-2020:2062
Type redhat
Reporter RedHat
Modified 2020-05-12T00:10:35

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for the Infinispan package in Red Hat JBoss Enterprise Application Platform 7.2.

Security Fix(es):

  • infinispan-core: infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)

  • jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.