logo
DATABASE RESOURCES PRICING ABOUT US

(RHSA-2020:3638) Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update

2020-09-07T12:47:30

Description

This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547) * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840) * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546) * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687) * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950) * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718) • wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307) * jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.


Affected Package


OS OS Version Package Name Package Version
RedHat 7 eap7-wildfly-http-naming-client 1.0.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-ironjacamar-jdbc 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-modules 1.8.10-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-hibernate-core 5.3.17-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-client-microprofile 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-logmanager 2.1.15-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-wildfly-http-transaction-client 1.0.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly9.0-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-wildfly-transaction-client 1.1.11-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-jettison-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly10.1 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-resteasy-jose-jwt 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-jaxrs 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-eap7.1-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-resteasy-jaxb-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-wildfly-http-ejb-client 1.0.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jackson-databind 2.9.10.4-1.redhat_00001.1.el7eap
RedHat 7 eap7-weld-core 3.0.6-4.Final_redhat_00004.1.el7eap
RedHat 7 eap7-hibernate-java8 5.3.17-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-wildfly 7.2.9-4.GA_redhat_00003.1.el7eap
RedHat 7 eap7-elytron-web 1.2.5-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-ironjacamar-common-api 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-modules 1.8.10-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-eap6.4 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-hal-console 3.0.23-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-undertow 2.0.30-4.SP4_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-eap7.1 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-glassfish-jsf 2.3.5-13.SP3_redhat_00011.1.el7eap
RedHat 7 eap7-jboss-xnio-base 3.7.6-4.SP3_redhat_00001.1.el7eap
RedHat 7 eap7-wildfly-http-client 1.0.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly8.2-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-wildfly-elytron 1.6.8-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly8.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-jboss-server-migration-eap6.4-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-weld-jta 3.0.6-4.Final_redhat_00004.1.el7eap
RedHat 7 eap7-weld-probe-core 3.0.6-4.Final_redhat_00004.1.el7eap
RedHat 7 eap7-hibernate-validator 6.0.20-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-dom4j 2.1.3-1.redhat_00001.1.el7eap
RedHat 7 eap7-ironjacamar-core-api 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-genericjms 2.0.6-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-hal-console 3.0.23-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly9.0 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly10.0 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-hibernate-entitymanager 5.3.17-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-weld-web 3.0.6-4.Final_redhat_00004.1.el7eap
RedHat 7 eap7-resteasy-cdi 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-hibernate-validator 6.0.20-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-eap7.0-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-jboss-server-migration-core 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-hibernate-envers 5.3.17-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-ironjacamar-core-impl 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-ironjacamar-common-impl 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-jackson-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-weld-core-impl 3.0.6-4.Final_redhat_00004.1.el7eap
RedHat 7 eap7-wildfly-elytron 1.6.8-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-jackson2-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly12.0-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-resteasy-validator-provider-11 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-wildfly-transaction-client 1.1.11-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-weld-core-jsf 3.0.6-4.Final_redhat_00004.1.el7eap
RedHat 7 eap7-ironjacamar-validator 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-dom4j 2.1.3-1.redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly14.0-server 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-resteasy-yaml-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-crypto 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-client 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly10.1-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-wildfly-java-jdk8 7.2.9-4.GA_redhat_00003.1.el7eap
RedHat 7 eap7-resteasy-json-binding-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-atom-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-logmanager 2.1.15-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-hibernate 5.3.17-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-xnio-base 3.7.6-4.SP3_redhat_00001.1.el7eap
RedHat 7 eap7-weld-core 3.0.6-4.Final_redhat_00004.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly13.0-server 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-hibernate-validator-cdi 6.0.20-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-glassfish-jsf 2.3.5-13.SP3_redhat_00011.1.el7eap
RedHat 7 eap7-wildfly 7.2.9-4.GA_redhat_00003.1.el7eap
RedHat 7 eap7-jboss-jsf-api_2.3_spec 2.3.5-7.SP2_redhat_00005.1.el7eap
RedHat 7 eap7-ironjacamar 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-ironjacamar 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly11.0 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-undertow 2.0.30-4.SP4_redhat_00001.1.el7eap
RedHat 7 eap7-undertow-server 1.2.5-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-hibernate 5.3.17-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-jsf-api_2.3_spec 2.3.5-7.SP2_redhat_00005.1.el7eap
RedHat 7 eap7-resteasy-jsapi 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-multipart-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-rxjava2 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-genericjms 2.0.6-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly11.0-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-jboss-server-migration 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly12.0 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-wildfly-javadocs 7.2.9-4.GA_redhat_00003.1.el7eap
RedHat 7 eap7-resteasy-json-p-provider 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-ironjacamar-deployers-common 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-cli 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-weld-ejb 3.0.6-4.Final_redhat_00004.1.el7eap
RedHat 7 eap7-ironjacamar-common-spi 1.4.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-wildfly-http-client-common 1.0.22-1.Final_redhat_00001.1.el7eap
RedHat 7 eap7-jboss-server-migration-wildfly10.0-to-eap7.2 1.3.1-13.Final_redhat_00014.1.el7eap
RedHat 7 eap7-jackson-databind 2.9.10.4-1.redhat_00001.1.el7eap
RedHat 7 eap7-resteasy-spring 3.6.1-10.SP9_redhat_00001.1.el7eap
RedHat 7 eap7-wildfly-java-jdk11 7.2.9-4.GA_redhat_00003.1.el7eap
RedHat 7 eap7-wildfly-modules 7.2.9-4.GA_redhat_00003.1.el7eap
RedHat 7 eap7-jboss-server-migration-eap7.0 1.3.1-13.Final_redhat_00014.1.el7eap

Related


redhat
unix

(RHSA-2020:3639) Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update

2020-09-07T12:48:20
redhat
unix

(RHSA-2020:3637) Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update

2020-09-07T12:47:16
redhat
unix

(RHSA-2020:3642) Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update

2020-09-07T12:53:25
redhat
unix

(RHSA-2020:3464) Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

2020-08-17T13:21:20
redhat
unix

(RHSA-2020:3463) Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

2020-08-17T13:19:02
redhat
unix

(RHSA-2020:3462) Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

2020-08-17T13:18:02
redhat
unix

(RHSA-2020:3461) Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

2020-08-17T13:17:33
redhat
unix

(RHSA-2020:3501) Important: Red Hat Single Sign-On 7.4.2 security update

2020-08-18T16:30:36
redhat
unix

(RHSA-2020:3539) Important: Red Hat build of Thorntail 2.7.1 security and bug fix update

2020-09-02T09:43:23
redhat
unix

(RHSA-2020:3143) Important: Red Hat JBoss Enterprise Application Platform 7.3 security update

2020-07-23T20:16:37
redhat
unix

(RHSA-2020:3141) Important: Red Hat JBoss Enterprise Application Platform 7.3 security update

2020-07-23T20:08:41
redhat
unix

(RHSA-2020:3144) Important: Red Hat JBoss Enterprise Application Platform 7.2 security update

2020-07-23T20:17:01
redhat
unix

(RHSA-2020:3142) Important: Red Hat JBoss Enterprise Application Platform 7.2 security update

2020-07-23T20:09:21
redhat
unix

(RHSA-2020:3585) Important: EAP Continuous Delivery Technical Preview Release 20 security update

2020-08-31T15:36:27
redhat
unix

(RHSA-2020:1644) Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-04-28T09:00:20
redhat
unix

(RHSA-2020:3779) Important: Red Hat Data Grid 7.3.7 security update

2020-09-17T13:03:47
redhat
unix

(RHSA-2020:4961) Moderate: Red Hat Process Automation Manager 7.9.0 security update

2020-11-05T18:44:42
redhat
unix

(RHSA-2020:4960) Moderate: Red Hat Decision Manager 7.9.0 security update

2020-11-05T18:43:06
redhat
unix

(RHSA-2020:2113) Important: Red Hat Single Sign-On 7.3.8 security update

2020-05-12T17:08:26
redhat
unix

(RHSA-2020:2511) Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update

2020-06-10T18:44:52
redhat
unix

(RHSA-2020:2515) Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update

2020-06-10T19:19:41
redhat
unix

(RHSA-2020:2512) Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update

2020-06-10T18:56:41
redhat
unix

(RHSA-2020:2513) Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update

2020-06-10T18:57:28
redhat
unix

(RHSA-2020:3817) Moderate: AMQ Clients 2.8.0 Release

2020-09-23T08:38:56
redhat
unix

(RHSA-2020:2813) Important: Red Hat Single Sign-On 7.4.1 security update

2020-07-02T13:17:12
redhat
unix

(RHSA-2020:4252) Important: Red Hat build of Quarkus 1.7.5 release and security update

2020-10-14T11:13:06
redhat
unix

(RHSA-2020:4344) Moderate: Open Liberty 20.0.0.11 Runtime security update

2020-10-26T15:38:37
nessus
scanner

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 (RHSA-2020:3638)

2020-09-08T00:00:00
nessus
scanner

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 (RHSA-2020:3637)

2020-09-08T00:00:00
nessus
scanner

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 (RHSA-2020:3639)

2020-09-08T00:00:00
nessus
scanner

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.2 (RHSA-2020:3462)

2020-08-17T00:00:00
nessus
scanner

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.2 (RHSA-2020:3461)

2020-08-17T00:00:00
nessus
scanner

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.2 (RHSA-2020:3463)

2020-08-17T00:00:00
nessus
scanner

RHEL 6 / 8 : Red Hat JBoss Enterprise Application Platform 7.3 (RHSA-2020:3141)

2020-07-24T00:00:00
nessus
scanner

RHEL 6 / 8 : Red Hat JBoss Enterprise Application Platform 7.2 (RHSA-2020:3142)

2020-07-24T00:00:00
nessus
scanner

Debian DLA-2135-1 : jackson-databind security update

2020-03-06T00:00:00
nessus
scanner

RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2020:1644)

2020-04-28T00:00:00
nessus
scanner

Debian DLA-2153-1 : jackson-databind security update

2020-03-23T00:00:00
nessus
scanner

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2511)

2020-06-11T00:00:00
nessus
scanner

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2512)

2020-06-11T00:00:00
nessus
scanner

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2513)

2020-06-11T00:00:00
nessus
scanner

RHEL 6 / 8 : AMQ Clients 2.8.0 Release (Moderate) (RHSA-2020:3817)

2020-09-23T00:00:00
nessus
scanner

Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2020 CPU)

2020-07-15T00:00:00
nessus
scanner

FreeBSD : Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra (b07bdd3c-0809-11eb-a3a4-0019dbb15b3f)

2020-10-09T00:00:00
nessus
scanner

F5 Networks BIG-IP : FasterXML jackson-databind vulnerability (K15320518)

2020-07-22T00:00:00
nessus
scanner

Ubuntu 16.04 LTS : dom4j vulnerability (USN-4575-1)

2020-10-14T00:00:00
nessus
scanner

EulerOS 2.0 SP8 : dom4j (EulerOS-SA-2020-1799)

2020-07-30T00:00:00
nessus
scanner

EulerOS 2.0 SP5 : dom4j (EulerOS-SA-2020-1596)

2020-06-02T00:00:00
nessus
scanner

Debian DLA-2191-1 : dom4j security update

2020-05-01T00:00:00
nessus
scanner

openSUSE Security Update : dom4j (openSUSE-2020-719)

2020-05-29T00:00:00
nessus
scanner

EulerOS 2.0 SP2 : dom4j (EulerOS-SA-2020-1677)

2020-06-17T00:00:00
ibm
software

Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator

2020-07-24T17:07:55
ibm
software

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

2020-06-19T05:07:08
ibm
software

Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability

2020-10-13T15:50:09
ibm
software

Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony

2020-04-10T01:55:37
ibm
software

Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight

2020-08-04T18:51:02
ibm
software

Security Bulletin: Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

2021-04-22T05:30:31
ibm
software

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10693)

2021-01-20T09:05:35
ibm
software

Security Bulletin: Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty bundled with IBM WebSphere Application Server Patterns (CVE-2020-10693)

2020-10-15T16:29:23
ibm
software

Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-10693)

2021-03-23T22:22:41
ibm
software

Security Bulletin: Novalink is impacted by Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693)

2020-11-09T10:03:28
ibm
software

Security Bulletin: Websphere Hibernate Validator Vulnerability Affects IBM Control Center (CVE-2020-10693)

2021-01-15T22:29:11
ibm
software

Security Bulletin: Vulnerability in Hibernate Validator affects Liberty for Java for IBM Cloud (CVE-2020-10693)

2022-10-07T16:01:56
ibm
software

Security Bulletin: Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693)

2020-10-14T22:42:42
ibm
software

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Z Development and Test Environment - Jan 2021

2021-01-29T14:27:17
ibm
software

Security Bulletin: Vulnerability in Hibernate Validator may affect IBM WebSphere Application Server Liberty shipped with IBM Digital Business Automation Workflow family products (CVE-2020-10693)

2022-09-14T15:28:14
ibm
software

Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-10693)

2020-12-11T15:53:39
ibm
software

Security Bulletin: Potential vulnerability with FasterXML jackson-databind

2020-06-19T18:21:39
ibm
software

Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability

2020-10-14T20:48:36
ibm
software

Security Bulletin: A vulnerability in Jackson Databind affects IBM Operations Analytics Predictive Insights (CVE-2020-8840)

2020-07-17T11:51:52
ibm
software

Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2020-8840)

2020-08-13T19:42:14
ibm
software

Security Bulletin: Vulnerability in Open Source Jackson databind used in IBM Cloud Pak System (CVE-2020-8840)

2020-05-06T12:02:05
ibm
software

Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2020-8840

2020-06-11T16:13:53
ibm
software

Security Bulletin:IBM Resilient SOAR is Using Components with Known Vulnerabilities - dom4j (CVE-2020-10683)

2020-08-31T21:38:10
ibm
software

Security Bulletin: IBM Security Verify Information Queue uses a dom4j version with improper XXE restrictions (CVE-2020-10683)

2022-07-07T17:43:49
debian
unix

[SECURITY] [DLA 2135-1] jackson-databind security update

2020-03-05T22:55:37
debian
unix

[SECURITY] [DLA 2135-1] jackson-databind security update

2020-03-05T22:55:37
debian
unix

[SECURITY] [DLA 2153-1] jackson-databind security update

2020-03-22T12:03:56
debian
unix

[SECURITY] [DLA 2153-1] jackson-databind security update

2020-03-22T12:03:56
debian
unix

[SECURITY] [DLA 2191-1] dom4j security update

2020-04-30T22:00:18
debian
unix

[SECURITY] [DLA 2191-1] dom4j security update

2020-04-30T22:00:18
osv
software

jackson-databind - security update

2020-03-06T00:00:00
osv
software

jackson-databind - security update

2020-03-22T00:00:00
osv
software

HTTP Request Smuggling in Undertow

2021-04-30T17:28:52
osv
software

HTTP request smuggling in Undertow

2021-06-16T17:47:52
osv
software

Path Traversal in Eclipse Mojarra

2022-05-14T02:59:22
osv
software

SQL Injection in Hibernate ORM

2022-02-10T23:05:04
osv
software

Session Fixation in WildFly Elytron

2022-02-15T01:39:57
osv
software

Improper Input Validation in Hibernate Validator

2021-06-04T21:36:34
osv
software

jackson-databind mishandles the interaction between serialization gadgets and typing

2020-05-15T18:59:01
osv
software

jackson-databind mishandles the interaction between serialization gadgets and typing

2020-05-15T18:59:04
osv
software

jackson-databind mishandles the interaction between serialization gadgets and typing

2020-05-15T18:59:10
osv
software

Directory traversal in Eclipse Mojarra

2021-09-01T18:23:58
osv
software

jackson-databind mishandles the interaction between serialization gadgets and typing

2020-04-23T21:08:40
osv
software

Deserialization of Untrusted Data in jackson-databind

2020-03-04T20:52:14
osv
software

dom4j - security update

2020-05-01T00:00:00
openvas
scanner

Debian LTS: Security Advisory for jackson-databind (DLA-2135-1)

2020-03-06T00:00:00
openvas
scanner

Debian LTS: Security Advisory for jackson-databind (DLA-2153-1)

2020-03-23T00:00:00
openvas
scanner

Debian LTS: Security Advisory for dom4j (DLA-2191-1)

2020-05-01T00:00:00
openvas
scanner

openSUSE: Security Advisory for dom4j (openSUSE-SU-2020:0719-1)

2020-05-27T00:00:00
openvas
scanner

Huawei EulerOS: Security Advisory for dom4j (EulerOS-SA-2020-1677)

2020-06-16T00:00:00
openvas
scanner

Huawei EulerOS: Security Advisory for dom4j (EulerOS-SA-2020-1596)

2020-06-03T00:00:00
rocky
unix

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-04-28T09:00:20
veracode
software

Path Traversal

2020-06-12T03:38:57
veracode
software

HTTP Request Smuggling

2020-08-18T02:03:52
veracode
software

SQL Injection

2020-08-18T02:03:37
veracode
software

Information Disclosure

2020-08-18T02:04:01
veracode
software

Denial Of Service (DoS)

2020-07-25T04:15:40
veracode
software

Unsafe Deserialization

2020-06-03T05:41:48
veracode
software

Session Fixation

2020-08-18T02:03:58
veracode
software

EL Expression Injection

2020-05-18T06:05:42
veracode
software

Remote Code Execution (RCE)

2020-03-03T04:20:13
veracode
software

Remote Code Execution (RCE)

2020-03-20T05:58:29
veracode
software

Remote Code Execution (RCE)

2020-03-03T04:08:27
veracode
software

Deserialization Of Untrusted Object

2020-03-03T03:42:59
veracode
software

Remote Code Execution

2020-02-11T02:42:43
veracode
software

XML External Entity

2020-04-22T04:37:29
redhatcve
info

CVE-2020-6950

2020-02-25T06:10:45
redhatcve
info

CVE-2020-10687

2020-04-15T06:00:02
redhatcve
info

CVE-2021-20220

2021-02-04T00:51:57
redhatcve
info

CVE-2018-14371

2018-07-24T06:19:49
redhatcve
info

CVE-2019-14900

2020-05-12T15:40:12
redhatcve
info

CVE-2020-10718

2021-03-21T06:34:11
redhatcve
info

CVE-2020-14297

2021-08-08T02:41:44
redhatcve
info

CVE-2020-14307

2021-08-01T07:21:04
redhatcve
info

CVE-2020-10740

2020-06-02T13:21:55
redhatcve
info

CVE-2020-10714

2020-04-28T04:34:41
redhatcve
info

CVE-2020-10693

2020-05-05T07:39:53
redhatcve
info

CVE-2020-9548

2020-03-23T20:01:25
redhatcve
info

CVE-2020-10673

2021-07-18T01:55:18
redhatcve
info

CVE-2020-9547

2022-05-14T11:39:35
redhatcve
info

CVE-2020-9546

2020-03-23T20:01:24
redhatcve
info

CVE-2020-8840

2021-07-18T00:41:10
github
software

HTTP Request Smuggling in Undertow

2021-04-30T17:28:52
github
software

HTTP request smuggling in Undertow

2021-06-16T17:47:52
github
software

Path Traversal in Eclipse Mojarra

2022-05-14T02:59:22
github
software

SQL Injection in Hibernate ORM

2022-02-10T23:05:04
github
software

Session Fixation in WildFly Elytron

2022-02-15T01:39:57
github
software

Improper Input Validation in Hibernate Validator

2021-06-04T21:36:34
github
software

jackson-databind mishandles the interaction between serialization gadgets and typing

2020-05-15T18:59:01
github
software

jackson-databind mishandles the interaction between serialization gadgets and typing

2020-05-15T18:59:04
github
software

jackson-databind mishandles the interaction between serialization gadgets and typing

2020-05-15T18:59:10
github
software

Directory traversal in Eclipse Mojarra

2021-09-01T18:23:58
github
software

jackson-databind mishandles the interaction between serialization gadgets and typing

2020-04-23T21:08:40
github
software

Deserialization of Untrusted Data in jackson-databind

2020-03-04T20:52:14
github
software

dom4j allows External Entities by default which might enable XXE attacks

2020-06-05T16:13:36
debiancve
info

CVE-2020-10687

2020-09-23T13:15:00
debiancve
info

CVE-2021-20220

2021-02-23T18:15:00
debiancve
info

CVE-2018-14371

2018-07-18T12:29:00
debiancve
info

CVE-2019-14900

2020-07-06T19:15:00
debiancve
info

CVE-2020-10693

2020-05-06T14:15:00
debiancve
info

CVE-2020-9548

2020-03-02T04:15:00
debiancve
info

CVE-2020-10673

2020-03-18T22:15:00
debiancve
info

CVE-2020-9547

2020-03-02T04:15:00
debiancve
info

CVE-2020-6950

2021-06-02T16:15:00
debiancve
info

CVE-2020-9546

2020-03-02T04:15:00
debiancve
info

CVE-2020-8840

2020-02-10T21:56:00
debiancve
info

CVE-2020-10683

2020-05-01T19:15:00
ubuntucve
info

CVE-2020-10687

2020-09-23T00:00:00
ubuntucve
info

CVE-2021-20220

2021-02-23T00:00:00
ubuntucve
info

CVE-2018-14371

2018-07-18T00:00:00
ubuntucve
info

CVE-2020-10693

2020-05-06T00:00:00
ubuntucve
info

CVE-2020-9548

2020-03-02T00:00:00
ubuntucve
info

CVE-2020-10673

2020-03-18T00:00:00
ubuntucve
info

CVE-2020-9547

2020-03-02T00:00:00
ubuntucve
info

CVE-2020-6950

2021-06-02T00:00:00
ubuntucve
info

CVE-2020-9546

2020-03-02T00:00:00
ubuntucve
info

CVE-2020-8840

2020-02-10T00:00:00
ubuntucve
info

CVE-2020-10683

2020-05-01T00:00:00
cve
NVD

CVE-2020-10687

2020-09-23T13:15:00
cve
NVD

CVE-2021-20220

2021-02-23T18:15:00
cve
NVD

CVE-2018-14371

2018-07-18T12:29:00
cve
NVD

CVE-2019-14900

2020-07-06T19:15:00
cve
NVD

CVE-2020-10718

2020-09-16T19:15:00
cve
NVD

CVE-2020-14297

2020-07-24T16:15:00
cve
NVD

CVE-2020-14307

2020-07-24T16:15:00
cve
NVD

CVE-2020-10740

2020-06-22T18:15:00
cve
NVD

CVE-2020-10714

2020-09-23T13:15:00
cve
NVD

CVE-2020-10693

2020-05-06T14:15:00
cve
NVD

CVE-2020-9548

2020-03-02T04:15:00
cve
NVD

CVE-2020-10673

2020-03-18T22:15:00
cve
NVD

CVE-2020-9547

2020-03-02T04:15:00
cve
NVD

CVE-2020-6950

2021-06-02T16:15:00
cve
NVD

CVE-2020-9546

2020-03-02T04:15:00
cve
NVD

CVE-2020-8840

2020-02-10T21:56:00
githubexploit
exploit

Exploit for SQL Injection in Hibernate Hibernate Orm

2021-01-06T13:06:45
githubexploit
exploit

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

2020-06-05T02:05:15
githubexploit
exploit

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

2020-02-23T03:51:40
githubexploit
exploit

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

2020-11-11T07:53:21
attackerkb
info

CVE-2020-10740

2020-06-22T00:00:00
freebsd
unix

Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra

2020-01-13T00:00:00
symantec
software

Oracle WebLogic Server CVE-2020-6950 Remote Security Vulnerability

2020-01-14T00:00:00
huawei
software

Security Advisory - fastjson Injection Vulnerability in Huawei Products

2020-07-22T00:00:00
huawei
software

Security Advisory - FasterXML Jackson-databind Injection Vulnerability in Huawei Products

2020-06-10T00:00:00
f5
software

Apache vulnerability CVE-2020-8840

2020-03-24T07:51:00
f5
software

dom4j library vulnerability CVE-2020-10683

2020-05-12T20:33:00
suse
unix

Security update for dom4j (important)

2020-05-26T00:00:00
mageia
unix

Updated dom4j packages fix a security vulnerability

2021-01-17T16:07:01
ubuntu
unix

dom4j vulnerability

2020-10-13T00:00:00