Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:7697
HistoryDec 07, 2023 - 1:39 p.m.

(RHSA-2023:7697) Moderate: AMQ Clients 2023.Q4

2023-12-0713:39:41
access.redhat.com
7
red hat amq
client package
bug fixes
enhancements
security fixes
cve-2023-34050
cve-2023-34462
cve-2023-40167
cve-2022-1471
cve-2022-25857
cve-2022-38749
cve-2022-41854
cve-2023-1370
cvss score

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON

Each Red Hat AMQ Client enables sending, and receiving messages to or from AMQ Broker 7.

This update provides various bug fixes and enhancements in addition to the
client package versions previously released on Red Hat Enterprise Linux 8
and 9.

Security Fix(es):

  • (CVE-2023-34050) springframework-amqp: Deserialization Vulnerability
  • (CVE-2023-34462) netty: SniHandler 16MB allocation leads to OOM
  • (CVE-2023-40167) jetty: Improper validation of HTTP/1 content-length
  • (CVE-2022-1471) SnakeYaml: Constructor Deserialization Remote Code Execution
  • (CVE-2022-25857) snakeyaml: Denial of Service due to missing nested depth limitation for collections
  • (CVE-2022-38749) snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
  • (CVE-2022-41854) dev-java/snakeyaml: DoS via stack overflow
  • (CVE-2023-1370) json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Related

openvas 8
ibm 63
fedora 3
prion 8
osv 21
cve 8
redhatcve 8
redhat 6
nessus 20
debian 1
ubuntu 1
amazon 2
veracode 6
cbl_mariner 3
github 8
ubuntucve 7
wolfi 2
debiancve 6
cgr 4
oraclelinux 2
rosalinux 1
rocky 2
gitlab 1
almalinux 1
atlassian 3
suse 1
hackerone 1
f5 1
githubexploit 1
openvas
openvas
Fedora: Security Advisory for snakeyaml (FEDORA-2022-c01dd659fa)
2022-12-21 00:00:00
Fedora: Security Advisory for snakeyaml (FEDORA-2022-8a4e8aa190)
2022-12-21 00:00:00
Debian: Security Advisory (DLA-3132-1)
2022-10-05 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis
2023-04-03 07:34:54
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in snakeYAML
2023-07-14 21:40:56
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
2023-12-20 20:15:14
fedora
fedora
[SECURITY] Fedora 36 Update: snakeyaml-1.32-1.fc36
2022-12-21 01:18:24
[SECURITY] Fedora 37 Update: snakeyaml-1.32-1.fc37
2022-12-21 01:29:20
[SECURITY] Fedora 38 Update: picocli-4.7.4-1.fc38
2023-07-06 02:19:58
prion
prion
Deserialization of untrusted data
2023-10-19 08:15:00
Design/Logic Flaw
2023-09-15 20:15:00
Input validation
2022-09-05 10:15:00
osv
osv
CVE-2023-34050
2023-10-19 08:15:08
snakeyaml vulnerabilities
2023-03-10 10:18:12
snakeyaml - security update
2022-10-02 00:00:00
cve
cve
CVE-2023-34050
2023-10-19 08:15:08
CVE-2023-40167
2023-09-15 20:15:09
CVE-2022-38749
2022-09-05 10:15:00
redhatcve
redhatcve
CVE-2023-34050
2023-10-26 18:27:15
CVE-2023-40167
2023-09-22 20:25:01
CVE-2023-34462
2023-07-19 21:30:25
redhat
redhat
(RHSA-2023:5946) Important: Red Hat AMQ Broker 7.11.3 release and security update
2023-10-19 18:59:57
(RHSA-2022:6941) Important: Red Hat build of Quarkus Platform 2.7.6.SP1 and security update
2022-10-13 11:12:49
(RHSA-2022:6820) Moderate: prometheus-jmx-exporter security update
2022-10-06 07:13:19
nessus
nessus
Debian DLA-3132-1 : snakeyaml - LTS security update
2022-10-03 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : SnakeYAML vulnerabilities (USN-5944-1)
2023-03-10 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2023:2974-1)
2023-07-27 00:00:00
debian
debian
[SECURITY] [DLA 3132-1] snakeyaml security update
2022-10-02 22:06:58
ubuntu
ubuntu
SnakeYAML vulnerabilities
2023-03-10 00:00:00
amazon
amazon
Medium: jetty
2024-02-15 03:52:00
Important: snakeyaml
2023-03-02 22:35:00
veracode
veracode
Denial Of Service (DoS)
2022-09-06 07:02:47
HTTP Request Smuggling
2023-09-20 09:06:57
Denial Of Service (DoS)
2023-06-27 07:44:28
cbl_mariner
cbl_mariner
CVE-2022-38749 affecting package snakeyaml 1.25-2
2024-05-13 09:07:01
CVE-2022-41854 affecting package snakeyaml 1.25-2
2024-05-13 09:07:01
CVE-2022-25857 affecting package snakeyaml 1.25-2
2024-05-13 09:07:01
github
github
Jetty accepts "+" prefixed value in Content-Length
2023-09-14 16:17:27
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
2022-09-06 00:00:27
Snakeyaml vulnerable to Stack overflow leading to denial of service
2022-11-11 19:00:31
ubuntucve
ubuntucve
CVE-2023-40167
2023-09-15 00:00:00
CVE-2023-34462
2023-06-22 00:00:00
CVE-2022-41854
2022-11-11 00:00:00
wolfi
wolfi
CVE-2023-40167 vulnerabilities
2024-05-13 09:06:53
CVE-2023-34462 vulnerabilities
2024-05-13 09:06:53
debiancve
debiancve
CVE-2023-40167
2023-09-15 20:15:09
CVE-2023-34462
2023-06-22 23:15:09
CVE-2022-38749
2022-09-05 10:15:00
cgr
cgr
CVE-2023-34462 vulnerabilities
2024-05-13 09:06:52
CVE-2023-40167 vulnerabilities
2024-05-13 09:06:52
CVE-2023-1370 vulnerabilities
2024-05-13 15:35:11
oraclelinux
oraclelinux
prometheus-jmx-exporter security update
2022-10-06 00:00:00
prometheus-jmx-exporter security update
2022-12-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2304
2023-12-12 12:18:26
rocky
rocky
prometheus-jmx-exporter security update
2022-10-06 07:13:19
prometheus-jmx-exporter security update
2022-12-15 15:08:09
gitlab
gitlab
Out-of-bounds Write
2022-09-06 00:00:00
almalinux
almalinux
Moderate: prometheus-jmx-exporter security update
2022-10-06 00:00:00
atlassian
atlassian
Json-smart Vulnerability in Jira Service Management Data Center and Server
2023-10-08 03:44:24
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center and Server
2024-04-04 04:45:52
RCE (Remote Code Execution) in - CVE-2022-1471
2023-10-08 08:44:33
suse
suse
Security update for snakeyaml (important)
2022-09-26 00:00:00
hackerone
hackerone
Kubernetes: The `io.kubernetes.client.util.generic.dynamic.Dynamics` contains a code execution vulnerability due to SnakeYAML
2022-12-15 19:07:04
f5
f5
K000132638 : SnakeYAML vulnerability CVE-2022-1471
2023-02-16 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Snakeyaml Project Snakeyaml
2023-03-02 16:33:02

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON
Related for RHSA-2023:7697
openvas8ibm63fedora3prion8osv21cve8redhatcve8redhat6nessus20debian1ubuntu1amazon2veracode6cbl_mariner3github8ubuntucve7wolfi2debiancve6cgr4oraclelinux2rosalinux1rocky2gitlab1almalinux1atlassian3suse1hackerone1f51githubexploit1