Lucene search

K
redhat
RedHatRHSA-2021:0874
HistoryMar 16, 2021 - 1:03 p.m.

(RHSA-2021:0874) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update

2021-03-1613:03:50
access.redhat.com
45

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

76.9%

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)

  • bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  • wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)

  • jboss-ejb-client: wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)

  • guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)

OSVersionArchitecturePackageVersionFilename
RedHat8noarcheap7-jboss-server-migration-eap7.1< 1.7.2-5.Final_redhat_00006.1.el8eapeap7-jboss-server-migration-eap7.1-1.7.2-5.Final_redhat_00006.1.el8eap.noarch.rpm
RedHat8noarcheap7-bouncycastle-mail< 1.68.0-1.redhat_00001.1.el8eapeap7-bouncycastle-mail-1.68.0-1.redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-wildfly-modules< 7.3.6-1.GA_redhat_00002.1.el8eapeap7-wildfly-modules-7.3.6-1.GA_redhat_00002.1.el8eap.noarch.rpm
RedHat8srceap7-wildfly< 7.3.6-1.GA_redhat_00002.1.el8eapeap7-wildfly-7.3.6-1.GA_redhat_00002.1.el8eap.src.rpm
RedHat8noarcheap7-jboss-server-migration-wildfly10.0< 1.7.2-5.Final_redhat_00006.1.el8eapeap7-jboss-server-migration-wildfly10.0-1.7.2-5.Final_redhat_00006.1.el8eap.noarch.rpm
RedHat8noarcheap7-jboss-server-migration-wildfly16.0-server< 1.7.2-5.Final_redhat_00006.1.el8eapeap7-jboss-server-migration-wildfly16.0-server-1.7.2-5.Final_redhat_00006.1.el8eap.noarch.rpm
RedHat8srceap7-guava-failureaccess< 1.0.1-1.redhat_00002.1.el8eapeap7-guava-failureaccess-1.0.1-1.redhat_00002.1.el8eap.src.rpm
RedHat8noarcheap7-jboss-server-migration-wildfly8.2< 1.7.2-5.Final_redhat_00006.1.el8eapeap7-jboss-server-migration-wildfly8.2-1.7.2-5.Final_redhat_00006.1.el8eap.noarch.rpm
RedHat8srceap7-wildfly-http-client< 1.0.25-1.Final_redhat_00001.1.el8eapeap7-wildfly-http-client-1.0.25-1.Final_redhat_00001.1.el8eap.src.rpm
RedHat8noarcheap7-narayana< 5.9.11-1.Final_redhat_00001.1.el8eapeap7-narayana-5.9.11-1.Final_redhat_00001.1.el8eap.noarch.rpm
Rows per page:
1-10 of 961
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

76.9%

Related for RHSA-2021:0874