ID

VAR-202005-1054


CVE

CVE-2020-10683


TITLE

dom4j In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-004997

DESCRIPTION

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j To XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. dom4j is an open source framework for processing XML. A code issue vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 4. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3462-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3462 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19410 - Tracker bug for the EAP 7.3.2 release for RHEL-7 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.3 for RHEL 7 Server: Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el7eap.src.rpm noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXzqIZtzjgjWX9erEAQgbmw/9EMmKKCCwal4bB6c8JuVi9V1qwN8+GJA4 BT8rEG7nDCffXvCdGzhPj1JofUlvVLcMX6T7DhC7DJ3acsCFoMvpVvranRkhnXkj 9sIZxPYy2ZFRIXWt8tUvVYeYZdKJ+dKsHRzzCetQr0vd9L9gWuGUZcroS+PTdkCn 2Us87nq0bPNqMAX4q5iqs/+yM7WrcmL8bJELEFU+QwZQOtqKpnOiCUVwUnPxHuAB gTk5DLAdJaj/FFmQH0l2Qc0brTXRvcjFLhme3ygQcfiOB0bh4KO+ykhOS+lznCIB a33P5m0/eXkdjMuT9PxxllMpE3cygCrN0caFwm5F/rJVUczc6MNBCWQ2605xiiNt xQOh429J3J9S+Ew+hwBsaWRwKgibItBI3aa/AiUHHPnwj5Q33hj3+2/53k7QuN/0 59JqQ1hOz7x857G2HaAPiCWu3QDhHqfdhewrLpCEnrO0HhLiPoHou8tuD8UnITws OfWtjSw0bwBnhb3OsmGlQxHtIDfY+TpJKQ6YPukUmc0KiRfC695HNgk91b4u5M5O 42Oo9g4g4rxVezCI1+WaN1KRA1J7yUTmvAFuz/1QervXpvw1xGbILLqlJI7maNnX bN4s3UgKVYLg/hlGiOMvLVTAuHY8OIyiijNoAcHXZv63+AGWQTRUihyIpl8KcFIr V2uaf/+66c0=doZv -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary: This is a security update for JBoss EAP Continuous Delivery 20. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications

Trust: 2.43

sources: NVD: CVE-2020-10683 // JVNDB: JVNDB-2020-004997 // VULHUB: VHN-163186 // PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 159082

AFFECTED PRODUCTS

vendor:oraclemodel:jdeveloperscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:lteversion:11.3.0

Trust: 1.0

vendor:dom4jmodel:dom4jscope:ltversion:2.0.3

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:14.0.3

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:19.12.0.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:17.1.0.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:16.0.6

Trust: 1.0

vendor:oraclemodel:enterprise data qualityscope:eqversion:11.1.1.9.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.6

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.8.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:gteversion:11.1.0

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:15.0.3.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.3.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:netappmodel:snapmanagerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:11.0.2

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:gteversion:4.3.0.1.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:17.12.17.1

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:lteversion:11.3.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:19.0

Trust: 1.0

vendor:oraclemodel:enterprise data qualityscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:endeca information discovery integratorscope:eqversion:3.2.0

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:16.2.20.1

Trust: 1.0

vendor:dom4jmodel:dom4jscope:ltversion:2.1.3

Trust: 1.0

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:19.12.6.0

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:eqversion:3.0.1

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:18.8.19.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:11.0.2

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.5

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:18.0.3

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:16.1.0.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:15.0.4

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.2.2

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:14.1.3.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:11.1.1.9.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:netappmodel:oncommand api servicesscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.3

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:banking platformscope:lteversion:2.10.0

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:storagetek tape analytics sw toolscope:eqversion:2.3

Trust: 1.0

vendor:oraclemodel:documakerscope:lteversion:12.6.4

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:10.2.4

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:18.1.0.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.0

Trust: 1.0

vendor:netappmodel:snap creator frameworkscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.2

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:lteversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.2.0.2.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:2.2.0.0.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:17.0.4

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.10.0

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:17.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.2.0.3.0

Trust: 1.0

vendor:dom4jmodel:dom4jscope:gteversion:2.1.0

Trust: 1.0

vendor:oraclemodel:communications application session controllerscope:eqversion:3.9m0p1

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:fusion middlewarescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.2.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2.4

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.7.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:gteversion:11.1.0

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.9.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:10.2.0

Trust: 1.0

vendor:oraclemodel:documakerscope:gteversion:12.6.0

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:gteversion:2.4.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:19.0

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:dom4jmodel:dom4jscope:eqversion:2.1.3

Trust: 0.8

vendor:red hatmodel:decision managerscope: - version: -

Trust: 0.8

vendor:red hatmodel:jboss enterprise application platformscope: - version: -

Trust: 0.8

vendor:red hatmodel:jboss enterprise application platform continuous deliveryscope: - version: -

Trust: 0.8

vendor:red hatmodel:process automationscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope: - version: -

Trust: 0.8

vendor:red hatmodel:jboss fusescope: - version: -

Trust: 0.8

vendor:red hatmodel:software collectionsscope: - version: -

Trust: 0.8

vendor:red hatmodel:single sign-onscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-004997 // NVD: CVE-2020-10683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10683
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004997
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-1133
value: CRITICAL

Trust: 0.6

VULHUB: VHN-163186
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10683
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004997
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-163186
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-10683
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004997
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // CNNVD: CNNVD-202004-1133 // NVD: CVE-2020-10683

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // NVD: CVE-2020-10683

THREAT TYPE

remote

Trust: 1.3

sources: PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133

TYPE

sql injection

Trust: 0.6

sources: PACKETSTORM: 159924 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 159082

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004997

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-163186

PATCH

title:SAXReader uses system default XMLReader with its defaults. New factory method SAXReader.createDefault() sets more secure defaults.url:https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658

Trust: 0.8

title:version-2.1.3url:https://github.com/dom4j/dom4j/releases/tag/version-2.1.3

Trust: 0.8

title:Bug 1694235url:https://bugzilla.redhat.com/show_bug.cgi?id=1694235

Trust: 0.8

title:dom4j Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=116859

Trust: 0.6

sources: JVNDB: JVNDB-2020-004997 // CNNVD: CNNVD-202004-1133

EXTERNAL IDS

db:NVDid:CVE-2020-10683

Trust: 3.3

db:PACKETSTORMid:159083

Trust: 0.8

db:PACKETSTORMid:160562

Trust: 0.8

db:PACKETSTORMid:158916

Trust: 0.8

db:PACKETSTORMid:159015

Trust: 0.8

db:JVNDBid:JVNDB-2020-004997

Trust: 0.8

db:CNNVDid:CNNVD-202004-1133

Trust: 0.7

db:PACKETSTORMid:159921

Trust: 0.7

db:PACKETSTORMid:158891

Trust: 0.7

db:PACKETSTORMid:159544

Trust: 0.7

db:AUSCERTid:ESB-2020.2837

Trust: 0.6

db:AUSCERTid:ESB-2020.4464

Trust: 0.6

db:AUSCERTid:ESB-2020.2087

Trust: 0.6

db:AUSCERTid:ESB-2020.2826

Trust: 0.6

db:AUSCERTid:ESB-2020.1581

Trust: 0.6

db:AUSCERTid:ESB-2023.3781

Trust: 0.6

db:AUSCERTid:ESB-2020.3894

Trust: 0.6

db:AUSCERTid:ESB-2020.2992

Trust: 0.6

db:AUSCERTid:ESB-2020.3742

Trust: 0.6

db:AUSCERTid:ESB-2020.3513

Trust: 0.6

db:AUSCERTid:ESB-2020.3065

Trust: 0.6

db:CS-HELPid:SB2021042542

Trust: 0.6

db:CS-HELPid:SB2021072165

Trust: 0.6

db:CS-HELPid:SB2022072096

Trust: 0.6

db:CS-HELPid:SB2021042642

Trust: 0.6

db:CS-HELPid:SB2021072747

Trust: 0.6

db:NSFOCUSid:47453

Trust: 0.6

db:PACKETSTORMid:159080

Trust: 0.2

db:PACKETSTORMid:158889

Trust: 0.2

db:PACKETSTORMid:159924

Trust: 0.2

db:PACKETSTORMid:159082

Trust: 0.2

db:PACKETSTORMid:159081

Trust: 0.1

db:PACKETSTORMid:158881

Trust: 0.1

db:PACKETSTORMid:158884

Trust: 0.1

db:CNVDid:CNVD-2020-33467

Trust: 0.1

db:VULHUBid:VHN-163186

Trust: 0.1

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133 // NVD: CVE-2020-10683

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-10683

Trust: 2.2

url:https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658

Trust: 1.7

url:https://github.com/dom4j/dom4j/releases/tag/version-2.1.3

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20200518-0002/

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1694235

Trust: 1.7

url:https://cheatsheetseries.owasp.org/cheatsheets/xml_external_entity_prevention_cheat_sheet.html

Trust: 1.7

url:https://github.com/dom4j/dom4j/commits/version-2.0.3

Trust: 1.7

url:https://github.com/dom4j/dom4j/issues/87

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html

Trust: 1.7

url:https://usn.ubuntu.com/4575-1/

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2020-10683

Trust: 1.4

url:https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3cdev.velocity.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3cdev.velocity.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3cnotifications.freemarker.apache.org%3e

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10683

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3cnotifications.freemarker.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3cdev.velocity.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3cdev.velocity.apache.org%3e

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-10740

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-14900

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-14900

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-10740

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-10714

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-10714

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-10693

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-10693

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1748

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-1748

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-10673

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-10673

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3513/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3781

Trust: 0.6

url:https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072096

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2992/

Trust: 0.6

url:https://packetstormsecurity.com/files/159544/ubuntu-security-notice-usn-4575-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4464/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2087/

Trust: 0.6

url:https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072165

Trust: 0.6

url:https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2837/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6525182

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47453

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3894/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1581/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletinibm-resilient-soar-is-using-components-with-known-vulnerabilities-dom4j-cve-2020-10683/

Trust: 0.6

url:https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042542

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072747

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042642

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2826/

Trust: 0.6

url:https://vigilance.fr/vulnerability/dom4j-external-xml-entity-injection-via-saxreader-32161

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-dom4j-as-used-by-ibm-qradar-siem-contains-multiple-vulnerabilities-cve-2018-1000632-cve-2020-10683/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3742/

Trust: 0.6

url:https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3065/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1710

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-10672

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10687

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10672

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-10687

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-1710

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-10718

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10718

Trust: 0.5

url:https://issues.jboss.org/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-6950

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14297

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14297

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-6950

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14307

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14307

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-11612

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9547

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1695

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9546

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9547

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9548

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-1695

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9548

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8840

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9546

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8840

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17566

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1954

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1954

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.8.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11972

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9488

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11989

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11980

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11972

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11989

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0210

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11980

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1393

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000873

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0210

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11994

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5398

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13933

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11994

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19343

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5568

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0205

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2933

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4961

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2875

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2933

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.9.0

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3642

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3462

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10172

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3585

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xeap-cd&version

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10172

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10719

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14371

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14371

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3639

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10758

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10758

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3501

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1728

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1728

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.4

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3638

Trust: 0.1

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133 // NVD: CVE-2020-10683

CREDITS

Red Hat

Trust: 1.4

sources: PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159015 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133

SOURCES

db:VULHUBid:VHN-163186
db:JVNDBid:JVNDB-2020-004997
db:PACKETSTORMid:160562
db:PACKETSTORMid:159924
db:PACKETSTORMid:159083
db:PACKETSTORMid:158889
db:PACKETSTORMid:159015
db:PACKETSTORMid:159080
db:PACKETSTORMid:158916
db:PACKETSTORMid:159082
db:CNNVDid:CNNVD-202004-1133
db:NVDid:CVE-2020-10683

LAST UPDATE DATE

2024-12-21T20:39:58.826000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-163186date:2022-07-25T00:00:00
db:JVNDBid:JVNDB-2020-004997date:2020-06-04T00:00:00
db:CNNVDid:CNNVD-202004-1133date:2023-07-04T00:00:00
db:NVDid:CVE-2020-10683date:2024-11-21T04:55:50.587

SOURCES RELEASE DATE

db:VULHUBid:VHN-163186date:2020-05-01T00:00:00
db:JVNDBid:JVNDB-2020-004997date:2020-06-04T00:00:00
db:PACKETSTORMid:160562date:2020-12-16T18:17:52
db:PACKETSTORMid:159924date:2020-11-06T15:18:46
db:PACKETSTORMid:159083date:2020-09-07T16:39:48
db:PACKETSTORMid:158889date:2020-08-17T17:43:07
db:PACKETSTORMid:159015date:2020-08-31T16:22:15
db:PACKETSTORMid:159080date:2020-09-07T16:37:51
db:PACKETSTORMid:158916date:2020-08-19T16:44:13
db:PACKETSTORMid:159082date:2020-09-07T16:39:28
db:CNNVDid:CNNVD-202004-1133date:2020-04-15T00:00:00
db:NVDid:CVE-2020-10683date:2020-05-01T19:15:12.927