CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.4%
These are CVE issues filed against XP1 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP1 code base.
Security Fix(es):
velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)
undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)
wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)
netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.4%