Lucene search

K
redhatRedHatRHSA-2023:0756
HistoryFeb 14, 2023 - 11:39 a.m.

(RHSA-2023:0756) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA Security release

2023-02-1411:39:31
access.redhat.com
45
red hat
jboss eap
security release
libksba
integer overflow
okhttp
information disclosure
cryptographic function
cve-2022-47629
cve-2021-0341
unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.5%

This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.9.

Security Fix(es):

  • libksba: integer overflow to code execution (CVE-2022-47629)

  • okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.5%