{ "threat_severity" : "Important", "public_date" : "2018-02-12T15:00:00Z", "bugzilla" : { "description" : "infinispan: Unsafe deserialization of malicious object injected into data cache", "id" : "1503610", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1503610" }, "cvss3" : { "cvss3_base_score" : "8.0", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-502", "details" : [ "It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.", "It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks." ], "acknowledgement" : "Red Hat would like to thank Man Yue Mo (Semmle/lgtm.com) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Data Grid 7.1.2", "release_date" : "2018-02-12T00:00:00Z", "advisory" : "RHSA-2018:0294", "cpe" : "cpe:/a:redhat:jboss_data_grid:7.1", "package" : "infinispan-core" }, { "product_name" : "Red Hat Fuse 6.3", "release_date" : "2019-06-04T00:00:00Z", "advisory" : "RHSA-2019:1326", "cpe" : "cpe:/a:redhat:jboss_fuse:6.3", "package" : "Camel" }, { "product_name" : "Red Hat JBoss EAP 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0478", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7", "package" : "infinispan-core" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-activemq-artemis-0:1.5.5.009-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-apache-cxf-0:3.1.13-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-glassfish-jsf-0:2.2.13-6.SP5_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-hibernate-0:5.1.12-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-infinispan-0:8.2.9-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-ironjacamar-0:1.4.7-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jackson-annotations-0:2.8.11-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jackson-core-0:2.8.11-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jackson-databind-0:2.8.11-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jackson-jaxrs-providers-0:2.8.11-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jackson-module-jaxb-annotations-0:2.8.11-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jackson-modules-java8-0:2.8.11-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jboss-logmanager-0:2.0.8-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jboss-server-migration-0:1.0.3-6.Final_redhat_6.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jbossws-cxf-0:5.1.10-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-narayana-0:5.5.31-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-picketlink-bindings-0:2.5.5-10.SP9_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-picketlink-federation-0:2.5.5-10.SP9_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-resteasy-0:3.0.25-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-undertow-0:1.4.18-4.SP2_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-undertow-jastow-0:2.0.3-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-wildfly-0:7.1.1-4.GA_redhat_2.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-wildfly-elytron-0:1.1.8-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-wildfly-http-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-wildfly-javadocs-0:7.1.1-3.GA_redhat_2.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-wss4j-0:2.1.11-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0479", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-xml-security-0:2.0.9-1.redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0481", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jboss-ec2-eap-0:7.1.1-3.1.GA_redhat_3.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-activemq-artemis-0:1.5.5.009-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-apache-cxf-0:3.1.13-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-glassfish-jsf-0:2.2.13-6.SP5_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-hibernate-0:5.1.12-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-infinispan-0:8.2.9-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-ironjacamar-0:1.4.7-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jackson-annotations-0:2.8.11-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jackson-core-0:2.8.11-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jackson-databind-0:2.8.11-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jackson-jaxrs-providers-0:2.8.11-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jackson-module-jaxb-annotations-0:2.8.11-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jackson-modules-java8-0:2.8.11-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jboss-logmanager-0:2.0.8-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jboss-server-migration-0:1.0.3-6.Final_redhat_6.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jbossws-cxf-0:5.1.10-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-narayana-0:5.5.31-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-picketlink-bindings-0:2.5.5-10.SP9_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-picketlink-federation-0:2.5.5-10.SP9_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-resteasy-0:3.0.25-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-undertow-0:1.4.18-4.SP2_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-undertow-jastow-0:2.0.3-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-wildfly-0:7.1.1-4.GA_redhat_2.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-wildfly-elytron-0:1.1.8-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-wildfly-http-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-wildfly-javadocs-0:7.1.1-3.GA_redhat_2.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-wss4j-0:2.1.11-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0480", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-xml-security-0:2.0.9-1.redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date" : "2018-03-12T00:00:00Z", "advisory" : "RHSA-2018:0481", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package" : "eap7-jboss-ec2-eap-0:7.1.1-3.1.GA_redhat_3.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "release_date" : "2020-06-15T00:00:00Z", "advisory" : "RHSA-2020:2561", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_cd:12", "package" : "infinispan-core" }, { "product_name" : "Red Hat Single Sign-On 7.2.1 zip", "release_date" : "2018-03-13T00:00:00Z", "advisory" : "RHSA-2018:0501", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.2" } ], "package_state" : [ { "product_name" : "Red Hat JBoss Data Grid 6", "fix_state" : "Will not fix", "package_name" : "infinispan-core", "cpe" : "cpe:/a:redhat:jboss_data_grid:6" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Not affected", "package_name" : "infinispan-core", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "infinispan-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse Integration Service 2", "fix_state" : "Affected", "package_name" : "infinispan-core", "cpe" : "cpe:/a:redhat:fuse_integration_services:2" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Will not fix", "package_name" : "infinispan-core", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Not affected", "package_name" : "infinispan-core", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat JBoss Portal 6", "fix_state" : "Will not fix", "package_name" : "infinispan-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:6" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Affected", "package_name" : "infinispan-core", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Will not fix", "package_name" : "eap7-infinispan-core", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4", "impact" : "moderate" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-15089\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15089" ], "name" : "CVE-2017-15089", "csaw" : false }