9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
jetty (CVE-2021-28163, CVE-2020-27218, CVE-2020-27223, CVE-2021-28164, CVE-2021-28169, CVE-2021-28165, CVE-2021-34428, CVE-2021-34428)
undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)
xstream (CVE-2021-39144, CVE-2021-39141, CVE-2021-39154, CVE-2021-39153, CVE-2021-39152, CVE-2021-39151, CVE-2021-39150, CVE-2021-39149, CVE-2021-39148, CVE-2021-39147, CVE-2021-39146, CVE-2021-39145, CVE-2021-39140, CVE-2021-39139, CVE-2021-21351, CVE-2021-21350, CVE-2021-21349, CVE-2021-21348, CVE-2021-21347, CVE-2021-21346, CVE-2021-21345, CVE-2021-21344, CVE-2021-21343, CVE-2021-21342, CVE-2021-21341, CVE-2021-29505, CVE-2020-26259, CVE-2020-26258, CVE-2020-26217)
wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)
resteasy-core: resteasy: Error message exposes endpoint class information (CVE-2021-20289)
velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
mongodb-driver: mongo-java-driver: client-side field level encryption not verifying KMS host name (CVE-2021-20328)
gradle: information disclosure through temporary directory permissions (CVE-2021-29429)
json-smart: uncaught exception may lead to crash or information disclosure (CVE-2021-27568)
bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)
jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%