Details of VAR-202004-0983

ID

VAR-202004-0983

CVE

CVE-2020-1954

TITLE

Apache CXF Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202004-049

DESCRIPTION

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. Apache CXF is an open source Web service framework of the Apache Software Foundation. The framework supports a variety of Web service standards, a variety of front-end programming API and so on. An information disclosure vulnerability exists in Apache CXF versions prior to 3.2.13 and versions prior to 3.3.6. An attacker could exploit this vulnerability to obtain sensitive information. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8 Advisory ID: RHSA-2020:4245-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:4245 Issue date: 2020-10-13 CVE Names: CVE-2020-1954 CVE-2020-14299 CVE-2020-14338 CVE-2020-14340 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299) * wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338) * xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340) * cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1848533 - CVE-2020-14299 picketbox: JBoss EAP reload to admin-only mode allows authentication bypass 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-19379 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.17 to 5.3.18 JBEAP-19444 - Tracker bug for the EAP 7.3.3 release for RHEL-8 JBEAP-19596 - [GSS](7.3.z) CMTOOL-277 - Migration from EAP 6.4 Update 22 to EAP 7.3 create a misspelled 'Application Realm' JBEAP-19613 - (7.3.z) ELY-1975 - Update AcmeClientSpi#obtainCertificate so that it obtains the order URL from the response to newOrder JBEAP-19615 - (7.3.z) ELY-1968 - Update error message returned by AcmeClientSpi#getLocation JBEAP-19642 - (7.3.z) Upgrade jberet-core from 1.3.5.Final to 1.3.7.Final JBEAP-19695 - [GSS](7.3.z) Upgrade Apache CXF from 3.3.5 to 3.3.7 JBEAP-19698 - [GSS](7.3.z) Upgrade Invocation from 1.5.2.Final-redhat-00001 to 1.5.3.Final... JBEAP-19700 - [GSS](7.3.z) Upgrade Migration Tool from 1.7.1-redhat-00003 to 1.7.2-redhat-00001 JBEAP-19701 - [GSS](7.3.z) Upgrade jgroups from 4.1.4.Final-redhat-00001 to 4.1.10.Final-redhat-00001 JBEAP-19715 - [GSS](7.3.z) Upgrade Artemis Native to 1.0.2 JBEAP-19746 - [GSS](7.3.z) Upgrade JBoss Log Manager from 2.1.15 to 2.1.17 JBEAP-19789 - [GSS](7.3.z) Upgrade Narayana from 5.9.8.Final to 5.9.9.Final JBEAP-19791 - [GSS](7.3.z) Upgrade HAL from 3.2.9.Final-redhat-00001 to 3.2.10.Final-redhat-00001 JBEAP-19795 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP11-redhat-00001 to 2.3.9.SP12-redhat-00001 JBEAP-19796 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00010 to 2.9.0.redhat-00011 JBEAP-19822 - (7.3.z) Upgrade MP fault-tolerance to 2.1.1 JBEAP-19888 - (7.3.z) Upgrade SmallRye OpenAPI to 1.1.23 JBEAP-19934 - (7.3.z) Upgrade bouncycastle to 1.65 JBEAP-19935 - (7.3.z) Upgrade commons-codec to 1.14 JBEAP-19936 - (7.3.z) Upgrade commons-lang3 from 3.9 to 3.10 JBEAP-19937 - (7.3.z) Upgrade snakeyaml to 1.26 JBEAP-19938 - (7.3.z) Upgrade velocity to 2.2 JBEAP-19939 - (7.3.z) Upgrade httpcomponents httpclient from 4.5.4 to 4.5.12 JBEAP-19940 - (7.3.z) Upgrade httpcomponents httpcore from 4.4.5 to 4.4.13 JBEAP-19942 - (7.3.z) Upgrade XNIO from 3.7.8.SP1 to 3.7.9.Final JBEAP-19955 - (7.3.z) Update xmlschema to 2.2.5 JBEAP-19965 - (7.3.z) Fix PreservePathTestCase after httpclient upgrade JBEAP-20027 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00012 to 2.5.5.SP12-redhat-00013 JBEAP-20037 - [GSS](7.3.z) Upgrade wildfly-transaction-client from 1.1.11.Final-redhat-00001 to 1.1.13.Final-redhat-00001 JBEAP-20064 - (7.3.z) Update PR template to include PR-processor hints for wildfly-core-eap JBEAP-20087 - [GSS](7.3.z) WFLY-13147 - Deployment slowdown after WFLY upgrade (DeploymentArchive handling) JBEAP-20112 - (7.3.z) Upgrade smallrye-fault-tolerance to 4.2.1 7. Package List: Red Hat JBoss EAP 7.3 for BaseOS-8: Source: eap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.src.rpm eap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.src.rpm eap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.src.rpm eap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.src.rpm eap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-artemis-native-1.0.2-3.redhat_1.el8eap.src.rpm eap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.src.rpm eap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.src.rpm eap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.src.rpm eap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.src.rpm eap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.src.rpm eap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.src.rpm eap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-velocity-2.2.0-1.redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.src.rpm eap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.src.rpm noarch: eap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-rt-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-services-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-tools-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-mail-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-pkix-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-prov-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.noarch.rpm eap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.noarch.rpm eap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.noarch.rpm eap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jberet-core-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm eap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm eap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-velocity-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-velocity-engine-core-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-modules-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.noarch.rpm x86_64: eap7-artemis-native-1.0.2-3.redhat_1.el8eap.x86_64.rpm eap7-artemis-native-wildfly-1.0.2-3.redhat_1.el8eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2020-1954 https://access.redhat.com/security/cve/CVE-2020-14299 https://access.redhat.com/security/cve/CVE-2020-14338 https://access.redhat.com/security/cve/CVE-2020-14340 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX4XdnNzjgjWX9erEAQiXuw//R4g+s6n+rk7hCp48kUecgr/5ci5EP6UM 7BsPN7sPZcLyYiZZsP+/6hHbB/dkfUyL8zJMQBQHHcwjhFkI9diYjraI2/K2BTo8 Fb/JEJoCmDs88/LUUpMebq7SSulBWhtfKYwCCOGy6pCpRAka99nzFXGr1y4H1ozJ berY8tq9PVJLJyuKGyoK+06fENIV2b/Oir68lSGrTMJVQeqb9TclI1pRIZ/8iZNh OQOnXk85y81YrQTlynAlBnlMCtSNEFMBUi5b25Q30ZNxMaegYyezvlgs790hLZQA UUfjAdFsk341kK0uop93y9MnDT1qUiYNG1rJ5DBB0jzyq7zQk2GxwBYg3mhItMhi FBZ6oeePwEEq4Bxpd1vERDQQW+zCpd0jLJ4nvU1wFIQZK7eSBk6Lz4ws2XUHmuru yXCcJZWqkXzQwhYMSq3y1fVcTAl6HcWxoBuX1TU9AmZWKcUlHN9Lo6BF4fMEhXH/ UrQNC+mOnCAjJrD1sGyPlozMnZnu96fVMURTDdz4J9aN1JU1t0fb2MgD3X3VZWto ducjlQPeNTI1+elmaBxAS8A7a+UaN63QgjeCQfzjEky89Jvfv/Ra6i5R5x8LrrQf zMn1XyxOAefzehiV8SR801W8dE7D7RlF5y/TH0ciA/CIzUSNAbb4tDlGcSDPig+a PGc+57G5XO4=OgA5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary: This is a security update for JBoss EAP Continuous Delivery 20. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Security Fix(es): * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * ant: insecure temporary file vulnerability (CVE-2020-1945) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875) * mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS 5. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications

Trust: 1.71

sources: NVD: CVE-2020-1954 // VULHUB: VHN-172928 // VULMON: CVE-2020-1954 // PACKETSTORM: 159924 // PACKETSTORM: 159540 // PACKETSTORM: 159538 // PACKETSTORM: 159015 // PACKETSTORM: 159921 // PACKETSTORM: 159541 // PACKETSTORM: 159899

AFFECTED PRODUCTS

vendor:	apache	model:	cxf	scope:	gte	version:	3.3.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router idih\:	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.2.1.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.56	Trust: 1.0
vendor:	netapp	model:	snapmanager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	apache	model:	cxf	scope:	lt	version:	3.3.6	Trust: 1.0
vendor:	apache	model:	cxf	scope:	lt	version:	3.2.13	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router idih\:	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	8.2.2	Trust: 1.0

sources: NVD: CVE-2020-1954

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1954
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202004-049
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-172928
value:	LOW
Trust: 0.1
VULMON:	CVE-2020-1954
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-1954
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-172928
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1954
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-172928 // VULMON: CVE-2020-1954 // CNNVD: CNNVD-202004-049 // NVD: CVE-2020-1954

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.1

sources: VULHUB: VHN-172928 // NVD: CVE-2020-1954

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-049

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-049

PATCH

title:	Apache CXF Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115418	Trust: 0.6
title:	Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204244 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204247 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204246 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204245 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: EAP Continuous Delivery Technical Preview Release 20 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203585 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-125	Trust: 0.1

sources: VULMON: CVE-2020-1954 // CNNVD: CNNVD-202004-049

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1954	Trust: 2.5
db:	PACKETSTORM	id:	159015	Trust: 0.8
db:	PACKETSTORM	id:	159541	Trust: 0.8
db:	PACKETSTORM	id:	159921	Trust: 0.8
db:	PACKETSTORM	id:	159899	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-049	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3507	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3485	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3894	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3804	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2992	Trust: 0.6
db:	PACKETSTORM	id:	159540	Trust: 0.2
db:	PACKETSTORM	id:	159924	Trust: 0.2
db:	PACKETSTORM	id:	159538	Trust: 0.2
db:	PACKETSTORM	id:	159539	Trust: 0.1
db:	CNVD	id:	CNVD-2020-29873	Trust: 0.1
db:	VULHUB	id:	VHN-172928	Trust: 0.1
db:	VULMON	id:	CVE-2020-1954	Trust: 0.1

sources: VULHUB: VHN-172928 // VULMON: CVE-2020-1954 // PACKETSTORM: 159924 // PACKETSTORM: 159540 // PACKETSTORM: 159538 // PACKETSTORM: 159015 // PACKETSTORM: 159921 // PACKETSTORM: 159541 // PACKETSTORM: 159899 // CNNVD: CNNVD-202004-049 // NVD: CVE-2020-1954

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.4
url:	https://security.netapp.com/advisory/ntap-20220210-0001/	Trust: 1.7
url:	http://cxf.apache.org/security-advisories.data/cve-2020-1954.txt.asc?version=1&modificationdate=1585730169000&api=v2	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1954	Trust: 1.3
url:	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3ccommits.cxf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3ccommits.cxf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3ccommits.cxf.apache.org%3e	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-1954	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-cxf-information-disclosure-via-instrumentationmanager-extension-bus-33515	Trust: 0.6
url:	https://packetstormsecurity.com/files/159899/red-hat-security-advisory-2020-4931-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3804/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3507/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159541/red-hat-security-advisory-2020-4246-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2992/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-apache-cxf-which-is-shipped-with-ibm-tivoli-network-manager-cve-2020-1954/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-identified-in-ibm-tivoli-application-dependency-discovery-manager-cve-2020-1954/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3485/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3894/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-14299	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14299	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14338	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14340	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14338	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14340	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10714	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14900	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10683	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10714	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10683	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-14900	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-2875	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2934	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-2933	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17566	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-1945	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10693	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17566	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1945	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2875	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-2934	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2933	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-10693	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1748	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-1748	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	http://cxf.apache.org/security-advisories.data/cve-2020-1954.txt.asc?version=1&modificationdate=1585730169000&api=v2	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4244	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/178938	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4961	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.9.0	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.3	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4247	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4245	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6950	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10172	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10740	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3585	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xeap-cd&version	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11612	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10673	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10172	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10705	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6950	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10740	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11612	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14371	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14371	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10673	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.9.0	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4960	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4246	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4931	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14389	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10776	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.4	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10776	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14389	Trust: 0.1

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 159924 // PACKETSTORM: 159540 // PACKETSTORM: 159538 // PACKETSTORM: 159015 // PACKETSTORM: 159921 // PACKETSTORM: 159541 // PACKETSTORM: 159899 // CNNVD: CNNVD-202004-049

SOURCES

db:	VULHUB	id:	VHN-172928
db:	VULMON	id:	CVE-2020-1954
db:	PACKETSTORM	id:	159924
db:	PACKETSTORM	id:	159540
db:	PACKETSTORM	id:	159538
db:	PACKETSTORM	id:	159015
db:	PACKETSTORM	id:	159921
db:	PACKETSTORM	id:	159541
db:	PACKETSTORM	id:	159899
db:	CNNVD	id:	CNNVD-202004-049
db:	NVD	id:	CVE-2020-1954

LAST UPDATE DATE

2024-09-18T23:15:30.156000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-172928	date:	2022-02-21T00:00:00
db:	VULMON	id:	CVE-2020-1954	date:	2021-04-02T00:00:00
db:	CNNVD	id:	CNNVD-202004-049	date:	2022-02-11T00:00:00
db:	NVD	id:	CVE-2020-1954	date:	2023-11-07T03:19:38.010

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-172928	date:	2020-04-01T00:00:00
db:	VULMON	id:	CVE-2020-1954	date:	2020-04-01T00:00:00
db:	PACKETSTORM	id:	159924	date:	2020-11-06T15:18:46
db:	PACKETSTORM	id:	159540	date:	2020-10-13T20:24:41
db:	PACKETSTORM	id:	159538	date:	2020-10-13T20:24:21
db:	PACKETSTORM	id:	159015	date:	2020-08-31T16:22:15
db:	PACKETSTORM	id:	159921	date:	2020-11-06T15:06:03
db:	PACKETSTORM	id:	159541	date:	2020-10-13T20:24:49
db:	PACKETSTORM	id:	159899	date:	2020-11-05T16:59:52
db:	CNNVD	id:	CNNVD-202004-049	date:	2020-04-01T00:00:00
db:	NVD	id:	CVE-2020-1954	date:	2020-04-01T21:15:14.597