ID

VAR-202203-1400


CVE

CVE-2020-36518


TITLE

Red Hat Security Advisory 2022-6813-01

Trust: 0.1

sources: PACKETSTORM: 168638

DESCRIPTION

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. Security Fix(es): * chart.js: prototype pollution (CVE-2020-7746) * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * package immer before 9.0.6. After installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link. You must log in to download the update. Description: Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7 Advisory ID: RHSA-2022:4918-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:4918 Issue date: 2022-06-06 CVE Names: CVE-2020-36518 CVE-2021-37136 CVE-2021-37137 CVE-2021-42392 CVE-2021-43797 CVE-2022-0084 CVE-2022-0853 CVE-2022-0866 CVE-2022-1319 CVE-2022-21299 CVE-2022-21363 CVE-2022-23221 CVE-2022-23437 CVE-2022-23913 CVE-2022-24785 ==================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221) * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * h2: Remote Code Execution in Console (CVE-2021-42392) * netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) * xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084) * wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866) * undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319) * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299) * mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363) * xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437) * artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * jboss-client: memory leakage in remote client transaction (CVE-2022-0853) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-23120 - Tracker bug for the EAP 7.4.5 release for RHEL-7 JBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001 JBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001 JBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1 JBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042 JBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1 JBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001 JBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001 JBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002 JBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3 JBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1 JBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002 JBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x JBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes JBEAP-23432 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05 JBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003 JBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4 JBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.4 for RHEL 7 Server: Source: eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.src.rpm eap7-h2database-1.4.197-2.redhat_00004.1.el7eap.src.rpm eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.src.rpm eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.src.rpm eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.src.rpm eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-log4j-2.17.1-2.redhat_00002.1.el7eap.src.rpm eap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.src.rpm eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.src.rpm eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.src.rpm eap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.src.rpm eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.src.rpm eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.1.11-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.src.rpm noarch: eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-h2database-1.4.197-2.redhat_00004.1.el7eap.noarch.rpm eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-core-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-envers-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-java8-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jberet-core-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.noarch.rpm eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-log4j-2.17.1-2.redhat_00002.1.el7eap.noarch.rpm eap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-all-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-buffer-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-haproxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-http-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-http2-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-memcache-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-mqtt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-redis-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-smtp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-socks-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-stomp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-xml-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-handler-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-handler-proxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-dns-classes-macos-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-classes-epoll-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-classes-kqueue-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-native-unix-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-rxtx-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-sctp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-udt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.noarch.rpm eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-modules-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.noarch.rpm x86_64: eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm eap7-netty-transport-native-epoll-debuginfo-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-42392 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/cve/CVE-2022-0853 https://access.redhat.com/security/cve/CVE-2022-0866 https://access.redhat.com/security/cve/CVE-2022-1319 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21363 https://access.redhat.com/security/cve/CVE-2022-23221 https://access.redhat.com/security/cve/CVE-2022-23437 https://access.redhat.com/security/cve/CVE-2022-23913 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYp5qBdzjgjWX9erEAQgudg/+KIuaXQZawyOnSNF4IIR8WYnfcW8Ojsfk 27VFNY6WCSn07IkzyDFuCLHsmUEesiJvpYssOx4CuX1YEmlF7S/KepyI6QDVC+BV hFAfaVE1gdrny1sqaS8k4VFE9rHODML1q2yyeUNgdtL4YGdOeduqOEn6Q6GS/rvh +8vCZFkFb9QKxxItc1xvxvU8kAomQun+eqr040IHuF0jAZfLI18/5vzsPqeQG+Ua qU4CG5FucVytEkJCnQ8Ci3QH3FCm/BPqotyhO3OAi1b5+db+fT+UqJpiuHYCsPcQ 8DRKizi/ia6Rq5b/OTFodA8lo6U3nDIljJ7QcuADgGzX4fak+BxQNkQMfhS4/b01 /yFU034PmQBTJpm0r5Vb4V4lBWzAi5QMDttI4wncuM3VGbxSoEEXzdzFHVzgoy1r qDGfJ1C5VnSJeLawDa6tGyndBiVga/PPgx0CoSIPsAYnjXYfJM1DsohUXppTL1k+ z8W2UIoIGqycYdCm60uJ+qbzqLlODNXmXn154OJL3O/o6Nz7O+uqVt+WfaNnwO/Y wf85wHGjzLaOALZfly/fENQr5Aijb9WqavN3tbcipj6+F4D3OLJMOSap8+TOXF3C StEX/XQpQASMmemvHJr/8c9Fx6tumJ+hLI4EyXfNdlYFJFQY4l4J0X6+mH047B3G R+RN8v8nzXQ{m6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3061.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. JIRA issues fixed (https://issues.jboss.org/): LOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node 6. Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. JIRA issues fixed (https://issues.jboss.org/): ENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state ENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0 6. 9) - noarch 3. Description: Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats

Trust: 1.8

sources: NVD: CVE-2020-36518 // VULHUB: VHN-415522 // PACKETSTORM: 168638 // PACKETSTORM: 168631 // PACKETSTORM: 168622 // PACKETSTORM: 168621 // PACKETSTORM: 167423 // PACKETSTORM: 178714 // PACKETSTORM: 170179 // PACKETSTORM: 172453 // PACKETSTORM: 172220

AFFECTED PRODUCTS

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:22.1.1

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.13.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:18.8.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:20.12.18

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:17.12.20.4

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:lteversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:gteversion:8.1.1.0

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.0

Trust: 1.0

vendor:oraclemodel:coherencescope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.12.6.1

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.2.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:lteversion:12.0.0.6.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:21.12

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.7.2

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.7.1

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:big data spatial and graphscope:ltversion:23.1

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:17.12.0.0

Trust: 1.0

vendor:oraclemodel:financial services trade-based anti money launderingscope:eqversion:8.0.7

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.11

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core consolescope:eqversion:1.9.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.1.0

Trust: 1.0

vendor:netappmodel:cloud insights acquisition unitscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:20.12.0.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:eqversion:8.0.7.0.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:gteversion:12.0.0.4.0

Trust: 1.0

vendor:oraclemodel:global lifecycle management opatchscope:ltversion:12.2.0.1.30

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.3.0

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:gteversion:8.1.1.0

Trust: 1.0

vendor:oraclemodel:spatial studioscope:ltversion:20.1.0

Trust: 1.0

vendor:oraclemodel:global lifecycle management nextgen oui frameworkscope:ltversion:13.9.4.2.2

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.1.3

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.2.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:22.1.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:graph server and clientscope:ltversion:22.2.0

Trust: 1.0

vendor:oraclemodel:retail sales auditscope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.8.1

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.2

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.1.0.5.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.13

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.2.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:eqversion:8.0.8

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:21.12.1

Trust: 1.0

vendor:oraclemodel:global lifecycle management nextgen oui frameworkscope:eqversion:13.9.4.2.2

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.1

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.3.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core security edge protection proxyscope:eqversion:22.1.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.14

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:18.8.25.4

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.2.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:lteversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:21.12.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.13.2.1

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.8.0

Trust: 1.0

vendor:netappmodel:snap creator frameworkscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.1.2

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.1

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:19.12.19.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:20.12.0

Trust: 1.0

vendor:oraclemodel:financial services trade-based anti money launderingscope:eqversion:8.0.8

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.5.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:21.12.4.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.5.0

Trust: 1.0

sources: NVD: CVE-2020-36518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36518
value: HIGH

Trust: 1.0

VULHUB: VHN-415522
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-36518
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-415522
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-36518
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-415522 // NVD: CVE-2020-36518

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-415522 // NVD: CVE-2020-36518

TYPE

code execution, xss

Trust: 0.3

sources: PACKETSTORM: 168631 // PACKETSTORM: 168622 // PACKETSTORM: 168621

EXPLOIT AVAILABILITY

[
  {
    "type": "unknown",
    "reference": "https://www.scap.org.cn/vuln/vhn-415522",
    "trust": 0.1
  }
]

sources: VULHUB: VHN-415522

EXTERNAL IDS

db:NVDid:CVE-2020-36518

Trust: 2.0

db:PACKETSTORMid:170179

Trust: 0.2

db:PACKETSTORMid:168631

Trust: 0.2

db:PACKETSTORMid:167423

Trust: 0.2

db:PACKETSTORMid:168646

Trust: 0.1

db:PACKETSTORMid:169920

Trust: 0.1

db:PACKETSTORMid:169728

Trust: 0.1

db:PACKETSTORMid:170602

Trust: 0.1

db:PACKETSTORMid:168333

Trust: 0.1

db:PACKETSTORMid:167842

Trust: 0.1

db:PACKETSTORMid:169725

Trust: 0.1

db:PACKETSTORMid:167841

Trust: 0.1

db:PACKETSTORMid:170162

Trust: 0.1

db:PACKETSTORMid:169727

Trust: 0.1

db:PACKETSTORMid:167579

Trust: 0.1

db:PACKETSTORMid:167157

Trust: 0.1

db:PACKETSTORMid:169926

Trust: 0.1

db:PACKETSTORMid:169729

Trust: 0.1

db:PACKETSTORMid:167422

Trust: 0.1

db:PACKETSTORMid:167523

Trust: 0.1

db:PACKETSTORMid:167424

Trust: 0.1

db:VULHUBid:VHN-415522

Trust: 0.1

db:PACKETSTORMid:168638

Trust: 0.1

db:PACKETSTORMid:168622

Trust: 0.1

db:PACKETSTORMid:168621

Trust: 0.1

db:PACKETSTORMid:178714

Trust: 0.1

db:PACKETSTORMid:172453

Trust: 0.1

db:PACKETSTORMid:172220

Trust: 0.1

sources: VULHUB: VHN-415522 // PACKETSTORM: 168638 // PACKETSTORM: 168631 // PACKETSTORM: 168622 // PACKETSTORM: 168621 // PACKETSTORM: 167423 // PACKETSTORM: 178714 // PACKETSTORM: 170179 // PACKETSTORM: 172453 // PACKETSTORM: 172220 // NVD: CVE-2020-36518

REFERENCES

url:https://security.netapp.com/advisory/ntap-20220506-0004/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5283

Trust: 1.1

url:https://github.com/fasterxml/jackson-databind/issues/2816

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0084

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-0866

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-42392

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-0866

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-42392

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-2256

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-2256

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-0225

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-2668

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-2668

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0225

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23437

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24785

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23437

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23913

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21363

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0235

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23436

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7746

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1365

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44906

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0722

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0235

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23436

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2458

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2458

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7746

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1650

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6782

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6787

Trust: 0.1

url:https://access.redhat.com/products/red-hat-single-sign-on/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6783

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4918

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0853

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0853

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-19140

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-12764

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-16724

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-22445

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:3061

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-12765

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3061.json

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2064698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0924

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0562

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0908

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1055

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26373

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1048

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0562

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0854

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29581

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2078

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21499

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27405

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0561

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35527

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0854

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21626

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28390

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23960

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25255

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1355

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28893

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46877

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=2.4.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42003

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3223

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-36944

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46877

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36944

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0833

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0833

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0341

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2312

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Trust: 0.1

sources: VULHUB: VHN-415522 // PACKETSTORM: 168638 // PACKETSTORM: 168631 // PACKETSTORM: 168622 // PACKETSTORM: 168621 // PACKETSTORM: 167423 // PACKETSTORM: 178714 // PACKETSTORM: 170179 // PACKETSTORM: 172453 // PACKETSTORM: 172220 // NVD: CVE-2020-36518

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 168638 // PACKETSTORM: 168631 // PACKETSTORM: 168622 // PACKETSTORM: 168621 // PACKETSTORM: 167423 // PACKETSTORM: 178714 // PACKETSTORM: 170179 // PACKETSTORM: 172453 // PACKETSTORM: 172220

SOURCES

db:VULHUBid:VHN-415522
db:PACKETSTORMid:168638
db:PACKETSTORMid:168631
db:PACKETSTORMid:168622
db:PACKETSTORMid:168621
db:PACKETSTORMid:167423
db:PACKETSTORMid:178714
db:PACKETSTORMid:170179
db:PACKETSTORMid:172453
db:PACKETSTORMid:172220
db:NVDid:CVE-2020-36518

LAST UPDATE DATE

2025-05-10T19:47:32.042000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-415522date:2022-11-29T00:00:00
db:NVDid:CVE-2020-36518date:2022-11-29T22:12:38.183

SOURCES RELEASE DATE

db:VULHUBid:VHN-415522date:2022-03-11T00:00:00
db:PACKETSTORMid:168638date:2022-10-06T12:37:43
db:PACKETSTORMid:168631date:2022-10-05T14:27:31
db:PACKETSTORMid:168622date:2022-10-05T14:26:05
db:PACKETSTORMid:168621date:2022-10-05T14:25:53
db:PACKETSTORMid:167423date:2022-06-07T15:14:53
db:PACKETSTORMid:178714date:2024-05-23T14:01:51
db:PACKETSTORMid:170179date:2022-12-09T14:52:40
db:PACKETSTORMid:172453date:2023-05-18T13:50:51
db:PACKETSTORMid:172220date:2023-05-09T15:20:56
db:NVDid:CVE-2020-36518date:2022-03-11T07:15:07.800