Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:5396
HistorySep 28, 2023 - 11:54 a.m.

(RHSA-2023:5396) Moderate: Red Hat Data Grid 8.4.4 security update

2023-09-2811:54:13
access.redhat.com
53
red hat data grid
security update
bug fixes
enhancements
nosql datastore
cve
rest api
denial of service
information exposure
circular reference

0.01 Low

EPSS

Percentile

83.7%

JSON

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.

Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.4 in the Release Notes[3].

Security Fix(es):

  • infispan: REST bulk ops don’t check permissions (CVE-2023-3628)

  • infinispan: Non-admins should not be able to get cache config via REST API (CVE-2023-3629)

  • netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462)

  • jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)

  • apache-mina: information exposure in SFTP server implementations (CVE-2023-35887)

  • infinispan: circular reference on marshalling leads to DoS (CVE-2023-5236)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 59
cve 7
veracode 3
prion 7
redhatcve 7
nessus 39
osv 7
github 3
cvelist 7
nvd 7
ubuntucve 2
f5 1
cnvd 2
debiancve 2
cgr 1
redhat 35
openvas 4
wolfi 1
rosalinux 1
debian 1
redos 1
qualysblog 2
ibm
ibm
Security Bulletin: Security Vulnerabilities in JRE and Java packages affect IBM Voice Gateway
2023-08-14 15:10:52
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache MINA SSHD (CVE-2023-35887)
2023-09-30 04:29:27
Security Bulletin: A vulnerability has been identified in the IBM Spectrum Scale GUI where a remote authenticated user can execute commands [CVE-2022-45047]
2023-04-14 11:30:36
cve
cve
CVE-2022-45047
2022-11-16 09:15:14
CVE-2023-34462
2023-06-22 23:15:09
CVE-2023-35116
2023-06-14 14:15:10
veracode
veracode
Deserialization Of Untrusted Data
2022-11-17 08:30:02
Information Disclosure
2023-07-13 08:56:24
Denial Of Service (DoS)
2023-06-27 07:44:28
prion
prion
Deserialization of untrusted data
2022-11-16 09:15:00
Code injection
2023-06-14 14:15:00
Design/Logic Flaw
2023-07-10 16:15:00
redhatcve
redhatcve
CVE-2023-35116
2023-08-22 17:50:09
CVE-2023-35887
2023-09-21 13:24:39
CVE-2022-45047
2022-11-23 13:56:39
nessus
nessus
RHEL 9 : jackson-databind (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : apache-mina-sshd (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : jackson-databind (Unpatched Vulnerability)
2024-06-03 00:00:00
osv
osv
CVE-2023-35887
2023-07-10 16:15:53
Apache MINA SSHD information disclosure vulnerability
2023-07-10 18:30:49
CVE-2022-45047
2022-11-16 09:15:14
github
github
Unsafe deserialization in Apache MINA SSHD
2022-11-16 12:00:18
Apache MINA SSHD information disclosure vulnerability
2023-07-10 18:30:49
netty-handler SniHandler 16MB allocation
2023-06-20 16:33:22
cvelist
cvelist
CVE-2023-35116
2023-06-14 00:00:00
CVE-2023-35887 Apache MINA SSHD: Information disclosure bugs with RootedFilesystem
2023-07-10 09:28:54
CVE-2022-45047 Apache MINA SSHD: Java unsafe deserialization vulnerability
2022-11-16 00:00:00
nvd
nvd
CVE-2023-35887
2023-07-10 16:15:53
CVE-2022-45047
2022-11-16 09:15:14
CVE-2023-35116
2023-06-14 14:15:10
ubuntucve
ubuntucve
CVE-2023-35116
2023-06-14 00:00:00
CVE-2023-34462
2023-06-22 00:00:00
f5
f5
K91021753 : Apache MINA vulnerability CVE-2022-45047
2022-11-18 00:00:00
cnvd
cnvd
Apache MINA deserialization vulnerability
2022-11-18 00:00:00
Apache MINA Information Disclosure Vulnerability
2023-07-12 00:00:00
debiancve
debiancve
CVE-2023-34462
2023-06-22 23:15:09
CVE-2023-35116
2023-06-14 14:15:00
cgr
cgr
CVE-2023-34462 vulnerabilities
2024-05-19 03:07:16
redhat
redhat
(RHSA-2023:7705) Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)
2023-12-07 15:30:42
(RHSA-2023:0074) Important: RHV 4.4 SP1 [ovirt-4.5.3-3] security update
2023-01-11 11:20:51
(RHSA-2022:8957) Important: Red Hat build of Quarkus Platform 2.7.6.SP3 and security update
2022-12-13 13:18:12
openvas
openvas
openSUSE: Security Advisory for netty, netty (SUSE-SU-2023:2974-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for apache (SUSE-SU-2024:0224-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0224-1)
2024-01-26 00:00:00
wolfi
wolfi
CVE-2023-34462 vulnerabilities
2024-06-21 15:32:02
rosalinux
rosalinux
Advisory ROSA-SA-2023-2304
2023-12-12 12:18:26
debian
debian
[SECURITY] [DSA 5558-1] netty security update
2023-11-18 16:33:00
redos
redos
ROS-20240514-04
2024-05-14 00:00:00
qualysblog
qualysblog
Oracle Patch Tuesday April 2023 Security Update Review
2023-04-19 11:47:21
Oracle Patch Tuesday, July 2023 Security Update Review
2023-07-19 15:56:06

0.01 Low

EPSS

Percentile

83.7%

JSON
Related for RHSA-2023:5396
ibm59cve7veracode3prion7redhatcve7nessus39osv7github3cvelist7nvd7ubuntucve2f51cnvd2debiancve2cgr1redhat35openvas4wolfi1rosalinux1debian1redos1qualysblog2