Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:1027
HistoryFeb 28, 2024 - 6:11 p.m.

(RHSA-2024:1027) Moderate: Migration Toolkit for Applications security update

2024-02-2818:11:53
access.redhat.com
9
migration toolkit
security fix
golang
jettison
apache-ivy
guava
follow-redirects
net/http
crypto/tls
jackson-databind

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.739 High

EPSS

Percentile

98.1%

JSON

Migration Toolkit for Applications

Security Fix(es):

  • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

  • jettison: If the value in map is the map’s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)

  • apache-ivy: XML External Entity vulnerability (CVE-2022-46751)

  • jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

  • guava: insecure temporary directory creation (CVE-2023-2976)

  • follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)

  • golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

  • golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

  • jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 45
nessus 61
openvas 20
ubuntu 4
debian 3
osv 14
almalinux 8
amazon 1
oraclelinux 8
centos 2
mageia 1
ibm 28
atlassian 1
aix 1
cloudlinux 1
rocky 1
redhat
redhat
(RHSA-2024:0853) Moderate: Network Observability 1.5.0 for OpenShift
2024-02-21 13:29:48
(RHSA-2024:1203) Important: Red Hat OpenShift for Windows Containers 9.0.1 security update
2024-03-07 06:36:15
(RHSA-2024:0954) Important: Red Hat OpenShift for Windows Containers 10.15.0 security update
2024-02-27 15:14:38
nessus
nessus
RHEL 8 : java-11-openjdk (RHSA-2024:0233)
2024-01-17 00:00:00
AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2024:0265)
2024-01-20 00:00:00
Debian dsa-5604 : openjdk-11-dbg - security update
2024-01-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6696-1)
2024-03-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0203-1)
2024-01-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0321-1)
2024-02-05 00:00:00
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2024-03-18 00:00:00
OpenJDK 11 vulnerabilities
2024-02-27 00:00:00
OpenJDK 21 vulnerabilities
2024-02-27 00:00:00
debian
debian
[SECURITY] [DLA 3728-1] openjdk-11 security update
2024-01-31 15:32:31
[SECURITY] [DSA 5604-1] openjdk-11 security update
2024-01-23 21:53:52
[SECURITY] [DSA 5613-1] openjdk-17 security update
2024-02-01 22:39:37
osv
osv
Important: java-11-openjdk security update
2024-01-18 00:00:00
openjdk-8 vulnerabilities
2024-03-18 04:06:20
openjdk-lts vulnerabilities
2024-02-27 02:36:42
almalinux
almalinux
Important: java-11-openjdk security update
2024-01-18 00:00:00
Important: java-1.8.0-openjdk security and bug fix update
2024-01-17 00:00:00
Important: java-21-openjdk security update
2024-01-17 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2024-02-01 19:57:00
oraclelinux
oraclelinux
java-11-openjdk security update
2024-01-17 00:00:00
java-1.8.0-openjdk security and bug fix update
2024-01-17 00:00:00
java-1.8.0-openjdk security and bug fix update
2024-01-23 00:00:00
centos
centos
java security update
2024-01-26 18:12:38
java security update
2024-01-26 18:11:41
mageia
mageia
Updated java 1.8.0, 11 & latest packages fix security vulnerabilities
2024-03-15 05:49:05
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI
2024-03-15 18:48:14
Security Bulletin: There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM CICS TX Standard (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850).
2024-03-08 14:30:04
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition
2024-03-12 09:21:46
atlassian
atlassian
Bundled JRE in Bitbucket 8.16+ is vulnerable to OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20919
2024-04-22 06:45:05
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2024-03-07 15:16:48
cloudlinux
cloudlinux
java-1.8.0-openjdk: Fix of 8 CVEs
2024-01-31 10:50:31
rocky
rocky
rpm security update
2024-02-12 20:17:16

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.739 High

EPSS

Percentile

98.1%

JSON
Related for RHSA-2024:1027
redhat45nessus61openvas20ubuntu4debian3osv14almalinux8amazon1oraclelinux8centos2mageia1ibm28atlassian1aix1cloudlinux1rocky1