Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:0554
HistoryJan 31, 2023 - 1:05 p.m.

(RHSA-2023:0554) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update

2023-01-3113:05:09
access.redhat.com
29

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.061 Low

EPSS

Percentile

93.4%

JSON

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • jquery: Prototype pollution in object’s prototype leading to denial of
    service, remote code execution, or property injection (CVE-2019-11358)

  • jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

  • bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
    (CVE-2018-14040)

  • jquery: Untrusted code execution via <option> tag in HTML passed to DOM
    manipulation methods (CVE-2020-11023)

  • jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
    (CVE-2020-11022)

  • bootstrap: XSS in the data-target attribute (CVE-2016-10735)

  • bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
    (CVE-2018-14041)

  • sshd-common: mina-sshd: Java unsafe deserialization vulnerability
    (CVE-2022-45047)

  • woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
    Service attacks (CVE-2022-40152)

  • bootstrap: Cross-site Scripting (XSS) in the data-container property of
    tooltip (CVE-2018-14042)

  • bootstrap: XSS in the tooltip or popover data-template attribute
    (CVE-2019-8331)

  • nodejs-moment: Regular expression denial of service (CVE-2017-18214)

  • wildfly-elytron: possible timing attacks via use of unsafe comparator
    (CVE-2022-3143)

  • jackson-databind: use of deeply nested arrays (CVE-2022-42004)

  • jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
    (CVE-2022-42003)

  • jettison: parser crash by stackoverflow (CVE-2022-40149)

  • jettison: memory exhaustion via user-supplied XML or JSON data
    (CVE-2022-40150)

  • jettison: If the value in map is the map’s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)

  • CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)

OSVersionArchitecturePackageVersionFilename
RedHat9noarcheap7-ironjacamar-core-impl< 1.5.10-1.Final_redhat_00001.1.el9eapeap7-ironjacamar-core-impl-1.5.10-1.Final_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-jackson-annotations< 2.12.7-1.redhat_00003.1.el9eapeap7-jackson-annotations-2.12.7-1.redhat_00003.1.el9eap.noarch.rpm
RedHat9noarcheap7-jackson-modules-java8< 2.12.7-1.redhat_00003.1.el9eapeap7-jackson-modules-java8-2.12.7-1.redhat_00003.1.el9eap.noarch.rpm
RedHat9noarcheap7-ironjacamar-common-impl< 1.5.10-1.Final_redhat_00001.1.el9eapeap7-ironjacamar-common-impl-1.5.10-1.Final_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-jboss-server-migration-cli< 1.10.0-24.Final_redhat_00023.1.el9eapeap7-jboss-server-migration-cli-1.10.0-24.Final_redhat_00023.1.el9eap.noarch.rpm
RedHat9noarcheap7-ironjacamar-deployers-common< 1.5.10-1.Final_redhat_00001.1.el9eapeap7-ironjacamar-deployers-common-1.5.10-1.Final_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-ironjacamar-core-api< 1.5.10-1.Final_redhat_00001.1.el9eapeap7-ironjacamar-core-api-1.5.10-1.Final_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-jboss-server-migration-core< 1.10.0-24.Final_redhat_00023.1.el9eapeap7-jboss-server-migration-core-1.10.0-24.Final_redhat_00023.1.el9eap.noarch.rpm
RedHat9noarcheap7-jboss-jsf-api_2.3_spec< 3.0.0-6.SP07_redhat_00001.1.el9eapeap7-jboss-jsf-api_2.3_spec-3.0.0-6.SP07_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap7-jackson-core< 2.12.7-1.redhat_00003.1.el9eapeap7-jackson-core-2.12.7-1.redhat_00003.1.el9eap.noarch.rpm
Rows per page:
1-10 of 451

Related

redhat 15
nessus 42
ics 1
hackerone 1
amazon 2
oraclelinux 4
ibm 71
osv 11
rocky 2
centos 1
almalinux 2
laminas 1
atlassian 6
altlinux 1
rubygems 1
ubuntu 1
openvas 12
debian 4
jvn 1
github 3
debiancve 1
f5 1
ubuntucve 1
cve 1
prion 1
gitlab 1
gentoo 1
suse 1
attackerkb 2
githubexploit 2
hp 1
fedora 1
joomla 1
checkpoint_advisories 1
drupal 1
redhat
redhat
(RHSA-2023:0552) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:04:41
(RHSA-2023:0553) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:04:53
(RHSA-2023:0556) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:12:10
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0553)
2023-01-31 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0554)
2023-01-31 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0552)
2023-01-31 00:00:00
ics
ics
Mitsubishi Electric EcoWebServerIII
2022-02-24 12:00:00
hackerone
hackerone
Sifchain: Vulnerable javascript dependency at Main domain
2021-05-07 20:48:11
amazon
amazon
Medium: ipa
2020-10-22 17:40:00
Important: jettison
2023-06-07 23:52:00
oraclelinux
oraclelinux
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-10 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
2023-04-19 17:26:48
Security Bulletin: jQuery included in ITNM is vulnerable to Cross-site Scripting (XSS) attacks (multiple vulnerabilities)
2023-01-05 15:14:50
Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs)
2023-02-01 21:57:35
osv
osv
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
libjettison-java vulnerabilities
2023-06-19 11:39:43
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
laminas
laminas
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251
2021-02-16 18:28:38
Jira uses vulnerable jQuery version CVE-2015-9251
2020-04-20 13:29:57
jquery 2.2.4 XSS vulnerability
2022-08-24 14:53:45
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
rubygems
rubygems
XSS vulnerabilities via data-parent, data-target, data-container in bootstrap
2018-07-02 21:00:00
ubuntu
ubuntu
Jettison vulnerabilities
2023-06-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5312-1)
2023-01-12 00:00:00
Ubuntu: Security Advisory (USN-6177-1)
2023-06-20 00:00:00
openSUSE: Security Advisory for otrs (openSUSE-SU-2020:1888-1)
2020-11-10 00:00:00
debian
debian
[SECURITY] [DSA 5312-1] libjettison-java security update
2023-01-10 23:10:35
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:21
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
jvn
jvn
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
2019-03-15 00:00:00
github
github
Bootstrap Cross-site Scripting vulnerability
2018-09-13 15:50:32
Bootstrap Cross-site Scripting vulnerability
2018-09-13 15:49:56
Bootstrap Cross-site Scripting vulnerability
2019-01-17 13:57:27
debiancve
debiancve
CVE-2016-10735
2019-01-09 05:29:00
f5
f5
K000133673 : Bootstrap vulnerability CVE-2016-10735
2023-04-27 00:00:00
ubuntucve
ubuntucve
CVE-2016-10735
2019-01-09 00:00:00
cve
cve
CVE-2016-10735
2019-01-09 05:29:00
prion
prion
Code injection
2019-01-09 05:29:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2019-01-09 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
attackerkb
attackerkb
CVE-2020-11022
2020-04-29 00:00:00
CVE-2020-11023
2020-04-29 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.061 Low

EPSS

Percentile

93.4%

JSON
Related for RHSA-2023:0554
redhat15nessus42ics1hackerone1amazon2oraclelinux4ibm71osv11rocky2centos1almalinux2laminas1atlassian6altlinux1rubygems1ubuntu1openvas12debian4jvn1github3debiancve1f51ubuntucve1cve1prion1gitlab1gentoo1suse1attackerkb2githubexploit2hp1fedora1joomla1checkpoint_advisories1drupal1