ID

VAR-202005-1054


CVE

CVE-2020-10683


TITLE

dom4j In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-004997

DESCRIPTION

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j To XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. dom4j is an open source framework for processing XML. A code issue vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3461-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3461 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.3 for RHEL 6 Server: Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh MpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF QCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5 HN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN JhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB 9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz DE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z sbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg 3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT nruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7 Lvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn Bk4PSTq9yaw= =ZNiG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect

Trust: 2.34

sources: NVD: CVE-2020-10683 // JVNDB: JVNDB-2020-004997 // VULHUB: VHN-163186 // PACKETSTORM: 159924 // PACKETSTORM: 158884 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159921 // PACKETSTORM: 158881 // PACKETSTORM: 159082

AFFECTED PRODUCTS

vendor:dom4jmodel:dom4jscope:ltversion:2.0.3

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:netappmodel:oncommand api servicesscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:18.1.0.0

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:19.0

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.5

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.7.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.2

Trust: 1.0

vendor:oraclemodel:banking platformscope:lteversion:2.10.0

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:eqversion:3.0.1

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:17.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.2.0.3.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:documakerscope:lteversion:12.6.4

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:lteversion:11.3.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:17.1.0.0

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:lteversion:11.3.0

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.10.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:17.12.17.1

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:2.2.0.0.0

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.1

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:14.1.3.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.2.2

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:gteversion:4.3.0.1.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:gteversion:2.4.0

Trust: 1.0

vendor:dom4jmodel:dom4jscope:ltversion:2.1.3

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.0

Trust: 1.0

vendor:oraclemodel:documakerscope:gteversion:12.6.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:oraclemodel:enterprise data qualityscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2.4

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:gteversion:11.1.0

Trust: 1.0

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:dom4jmodel:dom4jscope:gteversion:2.1.0

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:19.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:10.2.4

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:gteversion:11.1.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2.0

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.2.0

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.3

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.2.0.2.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.3.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:10.2.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:11.1.1.9.0

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:16.0

Trust: 1.0

vendor:netappmodel:snapmanagerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:19.12.0.0

Trust: 1.0

vendor:oraclemodel:storagetek tape analytics sw toolscope:eqversion:2.3

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:15.0.3.0

Trust: 1.0

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:oraclemodel:enterprise data qualityscope:eqversion:11.1.1.9.0

Trust: 1.0

vendor:oraclemodel:fusion middlewarescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:endeca information discovery integratorscope:eqversion:3.2.0

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.8.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:11.0.2

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:15.0.4

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:18.0.3

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:16.0.6

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.0

Trust: 1.0

vendor:netappmodel:snap creator frameworkscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:11.0.2

Trust: 1.0

vendor:oraclemodel:jdeveloperscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:18.8.19.0

Trust: 1.0

vendor:oraclemodel:communications application session controllerscope:eqversion:3.9m0p1

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:19.12.6.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.6

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:lteversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:16.1.0.0

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:16.2.20.1

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:14.0.3

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:17.0.4

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.9.0

Trust: 1.0

vendor:dom4jmodel:dom4jscope:eqversion:2.1.3

Trust: 0.8

vendor:red hatmodel:decision managerscope: - version: -

Trust: 0.8

vendor:red hatmodel:jboss enterprise application platformscope: - version: -

Trust: 0.8

vendor:red hatmodel:jboss enterprise application platform continuous deliveryscope: - version: -

Trust: 0.8

vendor:red hatmodel:process automationscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope: - version: -

Trust: 0.8

vendor:red hatmodel:jboss fusescope: - version: -

Trust: 0.8

vendor:red hatmodel:software collectionsscope: - version: -

Trust: 0.8

vendor:red hatmodel:single sign-onscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-004997 // NVD: CVE-2020-10683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10683
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004997
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-1133
value: CRITICAL

Trust: 0.6

VULHUB: VHN-163186
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10683
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004997
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-163186
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-10683
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004997
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // CNNVD: CNNVD-202004-1133 // NVD: CVE-2020-10683

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // NVD: CVE-2020-10683

THREAT TYPE

remote

Trust: 1.3

sources: PACKETSTORM: 159924 // PACKETSTORM: 158884 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159921 // PACKETSTORM: 158881 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 159924 // PACKETSTORM: 158884 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159921 // PACKETSTORM: 158881 // PACKETSTORM: 159082

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004997

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-163186

PATCH

title:SAXReader uses system default XMLReader with its defaults. New factory method SAXReader.createDefault() sets more secure defaults.url:https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658

Trust: 0.8

title:version-2.1.3url:https://github.com/dom4j/dom4j/releases/tag/version-2.1.3

Trust: 0.8

title:Bug 1694235url:https://bugzilla.redhat.com/show_bug.cgi?id=1694235

Trust: 0.8

title:dom4j Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=116859

Trust: 0.6

sources: JVNDB: JVNDB-2020-004997 // CNNVD: CNNVD-202004-1133

EXTERNAL IDS

db:NVDid:CVE-2020-10683

Trust: 3.2

db:PACKETSTORMid:159921

Trust: 0.8

db:PACKETSTORMid:158891

Trust: 0.8

db:JVNDBid:JVNDB-2020-004997

Trust: 0.8

db:CNNVDid:CNNVD-202004-1133

Trust: 0.7

db:PACKETSTORMid:159083

Trust: 0.7

db:PACKETSTORMid:160562

Trust: 0.7

db:PACKETSTORMid:158916

Trust: 0.7

db:PACKETSTORMid:159544

Trust: 0.7

db:PACKETSTORMid:159015

Trust: 0.7

db:AUSCERTid:ESB-2020.2837

Trust: 0.6

db:AUSCERTid:ESB-2020.4464

Trust: 0.6

db:AUSCERTid:ESB-2020.2087

Trust: 0.6

db:AUSCERTid:ESB-2020.2826

Trust: 0.6

db:AUSCERTid:ESB-2020.1581

Trust: 0.6

db:AUSCERTid:ESB-2023.3781

Trust: 0.6

db:AUSCERTid:ESB-2020.3894

Trust: 0.6

db:AUSCERTid:ESB-2020.2992

Trust: 0.6

db:AUSCERTid:ESB-2020.3742

Trust: 0.6

db:AUSCERTid:ESB-2020.3513

Trust: 0.6

db:AUSCERTid:ESB-2020.3065

Trust: 0.6

db:CS-HELPid:SB2021042542

Trust: 0.6

db:CS-HELPid:SB2021072165

Trust: 0.6

db:CS-HELPid:SB2022072096

Trust: 0.6

db:CS-HELPid:SB2021042642

Trust: 0.6

db:CS-HELPid:SB2021072747

Trust: 0.6

db:NSFOCUSid:47453

Trust: 0.6

db:PACKETSTORMid:158881

Trust: 0.2

db:PACKETSTORMid:158889

Trust: 0.2

db:PACKETSTORMid:159924

Trust: 0.2

db:PACKETSTORMid:158884

Trust: 0.2

db:PACKETSTORMid:159082

Trust: 0.2

db:PACKETSTORMid:159081

Trust: 0.1

db:PACKETSTORMid:159080

Trust: 0.1

db:CNVDid:CNVD-2020-33467

Trust: 0.1

db:VULHUBid:VHN-163186

Trust: 0.1

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // PACKETSTORM: 159924 // PACKETSTORM: 158884 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159921 // PACKETSTORM: 158881 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133 // NVD: CVE-2020-10683

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-10683

Trust: 2.1

url:https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658

Trust: 1.7

url:https://github.com/dom4j/dom4j/releases/tag/version-2.1.3

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20200518-0002/

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1694235

Trust: 1.7

url:https://cheatsheetseries.owasp.org/cheatsheets/xml_external_entity_prevention_cheat_sheet.html

Trust: 1.7

url:https://github.com/dom4j/dom4j/commits/version-2.0.3

Trust: 1.7

url:https://github.com/dom4j/dom4j/issues/87

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html

Trust: 1.7

url:https://usn.ubuntu.com/4575-1/

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2020-10683

Trust: 1.3

url:https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3cdev.velocity.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3cdev.velocity.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3cnotifications.freemarker.apache.org%3e

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10683

Trust: 0.8

url:https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3cnotifications.freemarker.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3cdev.velocity.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3cdev.velocity.apache.org%3e

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-10693

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-10714

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-14900

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-10714

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-10693

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-14900

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1748

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-1748

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2020.3513/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3781

Trust: 0.6

url:https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072096

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2992/

Trust: 0.6

url:https://packetstormsecurity.com/files/159544/ubuntu-security-notice-usn-4575-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4464/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2087/

Trust: 0.6

url:https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072165

Trust: 0.6

url:https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2837/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6525182

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47453

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3894/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1581/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletinibm-resilient-soar-is-using-components-with-known-vulnerabilities-dom4j-cve-2020-10683/

Trust: 0.6

url:https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042542

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072747

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042642

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2826/

Trust: 0.6

url:https://vigilance.fr/vulnerability/dom4j-external-xml-entity-injection-via-saxreader-32161

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-dom4j-as-used-by-ibm-qradar-siem-contains-multiple-vulnerabilities-cve-2018-1000632-cve-2020-10683/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3742/

Trust: 0.6

url:https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3065/

Trust: 0.6

url:https://issues.jboss.org/):

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-1710

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10740

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-14297

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-10672

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10687

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-10673

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-14297

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10672

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-10687

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-10740

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-1710

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-10718

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10718

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10673

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-2875

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2934

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-2933

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1945

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1954

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17566

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1945

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2875

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-2934

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2933

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1954

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14307

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14307

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2020:4961

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.9.0

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3461

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3462

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3463

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.9.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4960

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3464

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9547

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1695

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9547

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9548

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1695

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9548

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9546

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6950

Trust: 0.1

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // PACKETSTORM: 159924 // PACKETSTORM: 158884 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159921 // PACKETSTORM: 158881 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133 // NVD: CVE-2020-10683

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 159924 // PACKETSTORM: 158884 // PACKETSTORM: 158889 // PACKETSTORM: 158891 // PACKETSTORM: 159921 // PACKETSTORM: 158881 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133

SOURCES

db:VULHUBid:VHN-163186
db:JVNDBid:JVNDB-2020-004997
db:PACKETSTORMid:159924
db:PACKETSTORMid:158884
db:PACKETSTORMid:158889
db:PACKETSTORMid:158891
db:PACKETSTORMid:159921
db:PACKETSTORMid:158881
db:PACKETSTORMid:159082
db:CNNVDid:CNNVD-202004-1133
db:NVDid:CVE-2020-10683

LAST UPDATE DATE

2024-11-21T20:58:27.978000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-163186date:2022-07-25T00:00:00
db:JVNDBid:JVNDB-2020-004997date:2020-06-04T00:00:00
db:CNNVDid:CNNVD-202004-1133date:2023-07-04T00:00:00
db:NVDid:CVE-2020-10683date:2023-11-07T03:14:11.907

SOURCES RELEASE DATE

db:VULHUBid:VHN-163186date:2020-05-01T00:00:00
db:JVNDBid:JVNDB-2020-004997date:2020-06-04T00:00:00
db:PACKETSTORMid:159924date:2020-11-06T15:18:46
db:PACKETSTORMid:158884date:2020-08-17T17:34:41
db:PACKETSTORMid:158889date:2020-08-17T17:43:07
db:PACKETSTORMid:158891date:2020-08-17T17:43:22
db:PACKETSTORMid:159921date:2020-11-06T15:06:03
db:PACKETSTORMid:158881date:2020-08-17T15:35:45
db:PACKETSTORMid:159082date:2020-09-07T16:39:28
db:CNNVDid:CNNVD-202004-1133date:2020-04-15T00:00:00
db:NVDid:CVE-2020-10683date:2020-05-01T19:15:12.927