Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:5606
HistoryJul 19, 2022 - 1:36 p.m.

(RHSA-2022:5606) Moderate: Red Hat Integration Camel Extensions for Quarkus 2.7 security update

2022-07-1913:36:43
access.redhat.com
47

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

Red Hat Integration - Camel Extensions for Quarkus 2.7 serves as a replacement for 2.2.1 and includes the following security Fix(es):

Security Fix(es):

  • hadoop: WebHDFS client might send SPNEGO authorization header (CVE-2020-9492)

  • lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)

  • elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure (CVE-2021-22132)

  • jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  • Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)

  • xstream: Injecting highly recursive collections or maps can cause a DoS (CVE-2021-43859)

  • quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)

  • elasticsearch: Document disclosure flaw in the Elasticsearch suggester (CVE-2021-22135)

  • elasticsearch: Document disclosure flaw when Document or Field Level Security is used (CVE-2021-22137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 25
redhat 8
github 9
osv 33
prion 10
cve 10
ubuntucve 7
redhatcve 10
veracode 9
nessus 43
cnvd 1
suse 4
atlassian 1
fedora 2
cbl_mariner 1
debiancve 3
debian 4
vaadin 1
ubuntu 2
archlinux 1
rocky 1
mageia 1
almalinux 1
oraclelinux 1
rustsec 1
cloudfoundry 1
photon 6
alpinelinux 2
freebsd 1
ibm
ibm
Security Bulletin: Vulnerability in Elasticsearch affects IBM Cloud Private (CVE-2021-22135, CVE-2021-22137)
2022-01-04 20:51:38
Security Bulletin: IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities (CVE-2021-22137, CVE-2021-22135)
2021-09-27 19:24:38
Security Bulletin: Vulnerability affects IBM Observability with Instana
2022-01-11 20:10:06
redhat
redhat
(RHSA-2022:6407) Moderate: Red Hat Integration Camel-K 1.8 security update
2022-09-09 07:10:55
(RHSA-2022:0737) Moderate: Red Hat build of Eclipse Vert.x 4.2.5 security update
2022-03-31 11:11:24
(RHSA-2021:2575) Moderate: lz4 security update
2021-06-29 13:43:40
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-24 19:02:19
Insufficiently Protected Credentials in Elasticsearch
2021-03-18 19:27:27
API information disclosure flaw in Elasticsearch
2021-07-02 18:33:02
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-24 19:02:19
BIT-elasticsearch-2021-22137
2024-03-06 10:53:35
CVE-2021-22135
2021-05-13 18:15:08
prion
prion
Information disclosure
2021-01-14 20:15:00
Design/Logic Flaw
2021-05-13 18:15:00
Authorization
2021-01-26 18:16:00
cve
cve
CVE-2021-22137
2021-05-13 18:15:00
CVE-2021-22132
2021-01-14 20:15:00
CVE-2021-22135
2021-05-13 18:15:00
ubuntucve
ubuntucve
CVE-2021-22132
2021-01-14 00:00:00
CVE-2021-22135
2021-05-13 00:00:00
CVE-2021-38153
2021-09-22 00:00:00
redhatcve
redhatcve
CVE-2021-22135
2022-04-26 22:20:26
CVE-2021-22137
2021-03-25 14:58:19
CVE-2021-22132
2021-02-01 15:13:12
veracode
veracode
Information Disclosure
2021-03-19 05:35:47
Information Disclosure
2021-01-27 06:24:24
Information Disclosure
2021-05-17 07:46:38
nessus
nessus
SUSE SLED15 / SLES15 Security Update : jsoup, jsr-305 (SUSE-SU-2022:1265-1)
2022-04-21 00:00:00
Photon OS 3.0: Kafka PHSA-2021-3.0-0324
2021-11-12 00:00:00
openSUSE 15 Security Update : xstream (openSUSE-SU-2022:0817-1)
2022-03-17 00:00:00
cnvd
cnvd
Apache Kafka timing attack vulnerability
2021-09-22 00:00:00
suse
suse
Security update for xstream (moderate)
2022-03-14 00:00:00
Security update for jsoup, jsr-305 (important)
2022-04-19 00:00:00
Security update for lz4 (important)
2021-05-22 00:00:00
atlassian
atlassian
DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server
2023-11-12 13:45:30
fedora
fedora
[SECURITY] Fedora 34 Update: xstream-1.4.19-1.fc34
2022-02-12 01:16:35
[SECURITY] Fedora 35 Update: xstream-1.4.19-1.fc35
2022-02-12 01:20:20
cbl_mariner
cbl_mariner
CVE-2021-37714 affecting package jsoup 1.11.3-3
2024-04-20 03:10:30
debiancve
debiancve
CVE-2021-37714
2021-08-18 15:15:00
CVE-2021-43859
2022-02-01 12:15:00
CVE-2021-3520
2021-06-02 13:15:00
debian
debian
[SECURITY] [DLA 2924-1] libxstream-java security update
2022-02-15 21:37:16
[SECURITY] [DLA 2657-1] lz4 security update
2021-05-12 10:23:19
[SECURITY] [DSA 4919-1] lz4 security update
2021-05-21 12:51:40
vaadin
vaadin
Denial of service in third-party component in Vaadin 7 and 8
2021-10-27 00:00:00
ubuntu
ubuntu
LZ4 vulnerability
2021-05-31 00:00:00
LZ4 vulnerability
2021-05-26 00:00:00
archlinux
archlinux
[ASA-202105-27] lz4: denial of service
2021-05-25 00:00:00
rocky
rocky
lz4 security update
2021-06-29 13:43:40
mageia
mageia
Updated lz4 packages fix a security vulnerability
2021-06-08 17:33:02
almalinux
almalinux
Moderate: lz4 security update
2021-06-29 13:43:40
oraclelinux
oraclelinux
lz4 security update
2021-06-30 00:00:00
rustsec
rustsec
Memory corruption in liblz4
2022-08-25 12:00:00
cloudfoundry
cloudfoundry
USN-4968-1: LZ4 vulnerability | Cloud Foundry
2021-06-11 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0255
2021-06-17 00:00:00
Critical Photon OS Security Update - PHSA-2021-0324
2021-11-02 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0255
2021-06-18 00:00:00
alpinelinux
alpinelinux
CVE-2021-3520
2021-06-02 13:15:00
CVE-2022-0538
2022-02-09 14:15:00
freebsd
freebsd
jenkins -- DoS vulnerability in bundled XStream library
2022-02-09 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON
Related for RHSA-2022:5606
ibm25redhat8github9osv33prion10cve10ubuntucve7redhatcve10veracode9nessus43cnvd1suse4atlassian1fedora2cbl_mariner1debiancve3debian4vaadin1ubuntu2archlinux1rocky1mageia1almalinux1oraclelinux1rustsec1cloudfoundry1photon6alpinelinux2freebsd1