Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:2561
HistoryJun 15, 2020 - 4:04 p.m.

(RHSA-2020:2561) Critical: EAP Continuous Delivery Technical Preview Release 12 security update

2020-06-1516:04:23
access.redhat.com
37

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Red Hat JBoss Enterprise Application Platform CD12 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform CD12 includes bug fixes and enhancements.

Security Fix(es):

  • artemis: artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)
  • lucene: Solr: Code execution via entity expansion (CVE-2017-12629)
  • infinispan-core: infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)
  • slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
  • elytron: client can use bogus uri in digest authentication (CVE-2017-12196)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 45
veracode 7
osv 12
redhat 50
prion 5
cve 5
checkpoint_advisories 2
github 5
redhatcve 6
ubuntucve 3
debiancve 3
fedora 10
zdt 1
ubuntu 1
openvas 18
freebsd 1
ibm 7
seebug 1
packetstorm 1
debian 2
nuclei 1
f5 1
mageia 1
suse 1
amazon 1
oraclelinux 1
centos 1
photon 2
kitploit 1
oracle 4
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2018:0479)
2018-03-14 00:00:00
RHEL 6 / 7 : JBoss EAP (RHSA-2018:0481)
2018-03-14 00:00:00
RHEL 7 : JBoss EAP (RHSA-2018:0480)
2018-03-14 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:20:39
Information Disclosure Through Authorization Bypass
2018-03-16 02:36:22
Unsafe Deserialization
2018-02-16 04:26:56
osv
osv
Deserialization of Untrusted Data in Infinispan
2022-05-14 00:59:30
CVE-2017-15089
2018-02-15 17:29:00
Incorrect Authorization in Undertow
2022-05-13 01:38:10
redhat
redhat
(RHSA-2018:0479) Important: JBoss Enterprise Application Platform 7.1.1 on RHEL 6
2018-03-12 16:34:40
(RHSA-2018:0480) Important: JBoss Enterprise Application Platform 7.1.1 for RHEL 7
2018-03-12 16:34:43
(RHSA-2018:0481) Important: jboss-ec2-eap package for EAP 7.1.1
2018-03-12 17:12:54
prion
prion
Deserialization of untrusted data
2018-02-15 17:29:00
Design/Logic Flaw
2018-03-07 22:29:00
Authorization
2018-04-18 01:29:00
cve
cve
CVE-2017-15089
2018-02-15 17:29:00
CVE-2017-12196
2018-04-18 01:29:00
CVE-2017-12174
2018-03-07 22:29:00
checkpoint_advisories
checkpoint_advisories
Red Hat JBoss Data Grid Hotrod Client Insecure Deserialization (CVE-2017-15089)
2018-05-02 00:00:00
Apache Solr xmlparser XML External Entity Expansion Remote Code Execution (CVE-2017-12629)
2017-10-26 00:00:00
github
github
Deserialization of Untrusted Data in Infinispan
2022-05-14 00:59:30
Uncontrolled Resource Consumption in Artemis and HornetQ
2022-05-13 01:11:53
Incorrect Authorization in Undertow
2022-05-13 01:38:10
redhatcve
redhatcve
CVE-2017-12196
2020-04-04 17:12:27
CVE-2017-12174
2022-05-14 11:38:55
CVE-2017-15089
2019-10-22 06:42:42
ubuntucve
ubuntucve
CVE-2017-12196
2018-04-18 00:00:00
CVE-2017-12629
2017-10-14 00:00:00
CVE-2018-8088
2018-03-20 00:00:00
debiancve
debiancve
CVE-2017-12196
2018-04-18 01:29:00
CVE-2017-12629
2017-10-14 23:29:00
CVE-2018-8088
2018-03-20 16:29:00
fedora
fedora
[SECURITY] Fedora 25 Update: lucene-5.5.0-5.fc25
2017-11-01 16:46:01
[SECURITY] Fedora 27 Update: lucene4-4.10.4-11.fc27
2017-11-29 00:01:53
[SECURITY] Fedora 26 Update: lucene-6.1.0-6.fc26
2017-11-01 00:12:13
zdt
zdt
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution Vulnerability
2017-10-18 00:00:00
ubuntu
ubuntu
Apache Solr vulnerability
2020-01-29 00:00:00
openvas
openvas
Fedora Update for lucene FEDORA-2017-c7bdf540b4
2017-11-02 00:00:00
Fedora Update for lucene FEDORA-2017-005f8f7f7d
2017-11-02 00:00:00
Fedora Update for lucene4 FEDORA-2017-195e7ea9a8
2017-12-04 00:00:00
freebsd
freebsd
solr -- Code execution via entity expansion
2017-10-13 00:00:00
ibm
ibm
Security Bulletin: IBM InfoSphere BigInsights 4.2.5 is affected by an Open Source (Solr) vulnerabilty (CVE-2017-12629)
2020-07-18 23:22:56
Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server
2019-04-03 23:45:02
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2
2023-02-08 13:49:42
seebug
seebug
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution(CVE-2017-12629)
2017-10-19 00:00:00
packetstorm
packetstorm
Apache Solr 7.0.1 XXE Injection / Code Execution
2017-10-18 00:00:00
debian
debian
[SECURITY] [DLA 1254-1] lucene-solr security update
2018-01-21 21:34:20
[SECURITY] [DSA 4124-1] lucene-solr security update
2018-02-27 19:38:50
nuclei
nuclei
Apache Solr <= 7.1 - XML Entity Injection
2020-08-28 03:46:31
f5
f5
K10631153 : Apache Solr vulnerability CVE-2017-12629
2018-03-27 00:00:00
mageia
mageia
Updated lucene packages fix security vulnerability
2017-11-06 11:22:52
suse
suse
Security update for slf4j (important)
2018-06-09 15:10:19
amazon
amazon
Important: slf4j
2018-04-19 05:11:00
oraclelinux
oraclelinux
slf4j security update
2018-03-26 00:00:00
centos
centos
slf4j security update
2018-03-27 20:22:24
photon
photon
Critical Photon OS Security Update - PHSA-2022-0373
2022-03-16 00:00:00
Critical Photon OS Security Update - PHSA-2022-3.0-0373
2022-03-16 00:00:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for RHSA-2020:2561
nessus45veracode7osv12redhat50prion5cve5checkpoint_advisories2github5redhatcve6ubuntucve3debiancve3fedora10zdt1ubuntu1openvas18freebsd1ibm7seebug1packetstorm1debian2nuclei1f51mageia1suse1amazon1oraclelinux1centos1photon2kitploit1oracle4