Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:4767
HistoryNov 23, 2021 - 10:29 a.m.

(RHSA-2021:4767) Moderate: Red Hat Integration Camel Extensions for Quarkus GA security update

2021-11-2310:29:48
access.redhat.com
33

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • jetty (CVE-2021-28163, CVE-2020-27218, CVE-2020-27223, CVE-2021-28164, CVE-2021-28169, CVE-2021-28165, CVE-2021-34428, CVE-2021-34428)

  • undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  • xstream (CVE-2021-39144, CVE-2021-39141, CVE-2021-39154, CVE-2021-39153, CVE-2021-39152, CVE-2021-39151, CVE-2021-39150, CVE-2021-39149, CVE-2021-39148, CVE-2021-39147, CVE-2021-39146, CVE-2021-39145, CVE-2021-39140, CVE-2021-39139, CVE-2021-21351, CVE-2021-21350, CVE-2021-21349, CVE-2021-21348, CVE-2021-21347, CVE-2021-21346, CVE-2021-21345, CVE-2021-21344, CVE-2021-21343, CVE-2021-21342, CVE-2021-21341, CVE-2021-29505, CVE-2020-26259, CVE-2020-26258, CVE-2020-26217)

  • wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  • RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)

  • resteasy-core: resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  • velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)

  • undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

  • mongodb-driver: mongo-java-driver: client-side field level encryption not verifying KMS host name (CVE-2021-20328)

  • gradle: information disclosure through temporary directory permissions (CVE-2021-29429)

  • json-smart: uncaught exception may lead to crash or information disclosure (CVE-2021-27568)

  • bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  • jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 46
openvas 25
debian 7
nessus 39
fedora 3
suse 6
redhat 25
mageia 2
amazon 2
ubuntu 3
osv 13
oraclelinux 2
centos 1
githubexploit 3
attackerkb 1
atlassian 2
debiancve 1
prion 2
github 3
cve 4
veracode 2
redhatcve 2
alpinelinux 1
ubuntucve 2
freebsd 1
nuclei 1
ibm
ibm
Security Bulletin: Vulnerabilities in XStream affect IBM Spectrum Copy Data Management
2021-12-11 00:37:03
Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security threats due to use of XStream
2022-11-22 16:29:37
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream
2021-10-01 06:19:43
openvas
openvas
Fedora: Security Advisory for xstream (FEDORA-2021-5e376c0ed9)
2021-10-30 00:00:00
Fedora: Security Advisory for xstream (FEDORA-2021-fbad11014a)
2021-10-21 00:00:00
Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)
2021-10-21 00:00:00
debian
debian
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:29:25
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:29:25
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:46:19
nessus
nessus
Debian DSA-5004-1 : libxstream-java - security update
2021-11-12 00:00:00
RHEL 7 : xstream (RHSA-2021:3956)
2021-10-26 00:00:00
Amazon Linux 2 : xstream (ALAS-2021-1729)
2021-12-10 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33
2021-10-12 23:47:14
[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34
2021-10-12 23:45:05
[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35
2021-10-29 23:18:39
suse
suse
Security update for xstream (important)
2021-10-31 00:00:00
Security update for xstream (important)
2021-10-20 00:00:00
Security update for xstream (important)
2021-07-11 00:00:00
redhat
redhat
(RHSA-2021:3956) Important: xstream security update
2021-10-25 06:30:03
(RHSA-2021:4918) Moderate: Red Hat Integration Camel-K 1.6 release and security update
2021-12-02 16:13:28
(RHSA-2022:0297) Moderate: Red Hat Decision Manager 7.12.0 security update
2022-01-26 16:28:59
mageia
mageia
Updated xstream/xmlpull/mxparser packages fix security vulnerability
2021-10-13 22:39:52
Updated xstream packages fix security vulnerabilities
2021-07-25 17:45:06
amazon
amazon
Important: xstream
2021-12-08 16:28:00
Important: xstream
2021-05-20 17:10:00
ubuntu
ubuntu
XStream vulnerabilities
2023-03-13 00:00:00
XStream vulnerabilities
2021-05-11 00:00:00
XStream vulnerabilities
2021-01-28 00:00:00
osv
osv
libxstream-java - security update
2021-11-10 00:00:00
libxstream-java vulnerabilities
2023-03-13 10:57:59
libxstream-java - security update
2021-09-29 00:00:00
oraclelinux
oraclelinux
xstream security update
2021-10-25 00:00:00
xstream security update
2021-04-27 00:00:00
centos
centos
xstream security update
2021-04-29 17:56:41
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Xstream Project Xstream
2021-08-24 06:15:20
Exploit for OS Command Injection in Xstream Project Xstream
2020-12-13 17:39:11
Exploit for OS Command Injection in Xstream Project Xstream
2021-01-22 09:56:11
attackerkb
attackerkb
CVE-2021-28169
2021-06-09 00:00:00
atlassian
atlassian
XStream upgrade to 1.4.18
2021-09-10 04:35:37
XStream upgrade to 1.4.18
2021-09-10 04:35:37
debiancve
debiancve
CVE-2021-29429
2021-04-12 22:15:00
prion
prion
Design/Logic Flaw
2021-02-18 16:15:00
Information disclosure
2021-04-12 22:15:00
github
github
Denial of Service (DoS) in Jackson Dataformat CBOR
2021-12-09 19:17:21
Logic error in Legion of the Bouncy Castle BC Java
2021-04-30 16:14:15
RESTEasy 4.5.5.Final in hash flooding
2022-03-18 17:58:59
cve
cve
CVE-2021-27568
2021-02-23 02:15:00
CVE-2021-29429
2021-04-12 22:15:00
CVE-2021-20289
2021-03-26 17:15:00
veracode
veracode
Denial Of Service (DoS)
2021-02-19 01:15:41
Denial Of Service (DoS)
2022-03-22 14:33:27
redhatcve
redhatcve
CVE-2021-29429
2021-04-14 17:39:30
CVE-2020-14326
2020-07-13 05:21:12
alpinelinux
alpinelinux
CVE-2021-29429
2021-04-12 22:15:00
ubuntucve
ubuntucve
CVE-2021-29429
2021-04-12 00:00:00
CVE-2020-14326
2021-06-02 00:00:00
freebsd
freebsd
bouncycastle15 -- bcrypt password checking vulnerability
2020-11-02 00:00:00
nuclei
nuclei
XStream <1.4.15 - Server-Side Request Forgery
2023-03-12 03:38:05

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for RHSA-2021:4767
ibm46openvas25debian7nessus39fedora3suse6redhat25mageia2amazon2ubuntu3osv13oraclelinux2centos1githubexploit3attackerkb1atlassian2debiancve1prion2github3cve4veracode2redhatcve2alpinelinux1ubuntucve2freebsd1nuclei1