{ "threat_severity" : "Important", "public_date" : "2019-04-23T00:00:00Z", "bugzilla" : { "description" : "qpid-proton: TLS Man in the Middle Vulnerability", "id" : "1702439", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1702439" }, "cvss3" : { "cvss3_base_score" : "7.4", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-358->CWE-300", "details" : [ "While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.", "A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted." ], "statement" : "Red Hat OpenStack Platform 14 (and its Operational Tools) is impacted by this flaw; other supported versions are not vulnerable.\nRed Hat Virtualization 4 uses qpid-proton for katello-agent, which always uses client certificate authentication.\nRed Hat Update Infrastructure 3 is impacted by this flaw, however in its default configuration client certificate authentication is used and qpidd service, which uses qpid-proton, cannot be reach from other machines.", "affected_release" : [ { "product_name" : "AMQ Clients 2.y for RHEL 6", "release_date" : "2019-04-25T00:00:00Z", "advisory" : "RHSA-2019:0886", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el6", "package" : "qpid-proton-0:0.27.0-3.el6", "impact" : "moderate" }, { "product_name" : "AMQ Clients 2.y for RHEL 7", "release_date" : "2019-04-25T00:00:00Z", "advisory" : "RHSA-2019:0886", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el7", "package" : "qpid-proton-0:0.27.0-3.el7", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ansible-runner-0:1.3.4-2.el8ar", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ansible-tower-0:3.5.2-1.el8at", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "cfme-0:5.11.0.28-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "cfme-amazon-smartstate-0:5.11.0.28-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "cfme-appliance-0:5.11.0.28-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "cfme-gemset-0:5.11.0.28-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-cluster-upgrade-0:1.1.13-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-disaster-recovery-0:1.2.0-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-engine-setup-0:1.1.9-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-hosted-engine-setup-0:1.0.26-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-image-template-0:1.1.11-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-infra-0:1.1.12-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-manageiq-0:1.1.14-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-repositories-0:1.1.5-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-roles-0:1.1.7-2.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-shutdown-env-0:1.0.3-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "ovirt-ansible-vm-infra-0:1.1.19-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "prince-0:12.4-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python3-ovirt-engine-sdk4-0:4.3.2-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-bambou-0:3.0.1-2.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-colorama-0:0.4.1-1.el8ost", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-daemon-0:2.1.2-9.el8ar", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-funcsigs-0:1.0.2-3.el8ost", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-future-0:0.16.0-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-lockfile-1:0.11.0-8.el8ar", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-mock-0:2.0.0-11.el8ost", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-pbr-0:5.1.2-2.el8ost", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-pexpect-0:4.6-2.el8ar", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-psutil-0:5.4.3-5.el8ar", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-pylxca-0:2.1.1-2.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-requests-toolbelt-0:0.8.0-2.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-tabulate-0:0.8.2-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "python-vspk-0:5.3.2-2.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "qpid-proton-0:0.28.0-1.el8", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "repmgr10-0:4.0.6-3.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-bcrypt-0:3.1.13-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-byebug-0:11.0.1-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-escape_utils-0:1.2.1-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-ffi-0:1.9.25-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-hamlit-0:2.8.10-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-http_parser.rb-0:0.6.0-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-linux_block_device-0:0.2.1-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-memory_buffer-0:0.1.0-2.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-nio4r-0:2.4.0-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-nokogiri-0:1.8.5-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-ovirt-engine-sdk4-0:4.3.0-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-puma-0:3.7.1-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-qpid_proton-0:0.26.0-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-rugged-0:0.28.2-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-sassc-0:2.0.1-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-sqlite3-0:1.3.13-2.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-surro-gate-0:1.0.5-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-unf_ext-0:0.0.7.6-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "rubygem-websocket-driver-0:0.6.5-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "smem-0:1.4-1.el8cf", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "v2v-conversion-host-0:1.14.2-1.el8ev", "impact" : "moderate" }, { "product_name" : "CloudForms Management Engine 5.11", "release_date" : "2019-12-12T00:00:00Z", "advisory" : "RHBA-2019:4199", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "package" : "wmi-0:1.3.14-8.el8cf", "impact" : "moderate" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-06-06T00:00:00Z", "advisory" : "RHSA-2019:1400", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "jsoncpp-0:1.7.7-1.el7", "impact" : "moderate" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-06-06T00:00:00Z", "advisory" : "RHSA-2019:1400", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "qpid-proton-0:0.27.0-3.el7", "impact" : "moderate" }, { "product_name" : "Red Hat OpenStack Platform 14.0 Operational Tools for RHEL 7", "release_date" : "2019-06-06T00:00:00Z", "advisory" : "RHSA-2019:1398", "cpe" : "cpe:/a:redhat:openstack-optools:14::el7", "package" : "qpid-proton-0:0.27.0-3.el7", "impact" : "moderate" }, { "product_name" : "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date" : "2019-06-06T00:00:00Z", "advisory" : "RHSA-2019:1399", "cpe" : "cpe:/a:redhat:openstack:14::el7", "package" : "qpid-proton-0:0.27.0-3.el7", "impact" : "moderate" }, { "product_name" : "Red Hat Satellite 6.3 for RHEL 7", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2779", "cpe" : "cpe:/a:redhat:satellite:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Red Hat Satellite 6.3 for RHEL 7", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2779", "cpe" : "cpe:/a:redhat:satellite_capsule:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Red Hat Satellite 6.4 for RHEL 7", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2778", "cpe" : "cpe:/a:redhat:satellite:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Red Hat Satellite 6.4 for RHEL 7", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2778", "cpe" : "cpe:/a:redhat:satellite_capsule:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Red Hat Satellite 6.5 for RHEL 7", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2777", "cpe" : "cpe:/a:redhat:satellite:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Red Hat Satellite 6.5 for RHEL 7", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2777", "cpe" : "cpe:/a:redhat:satellite_capsule:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 5.9.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el5", "package" : "qpid-proton-0:0.9-22.el5" }, { "product_name" : "Satellite Tools 6.3 for RHEL 5.ELS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el5", "package" : "qpid-proton-0:0.9-22.el5" }, { "product_name" : "Satellite Tools 6.3 for RHEL 6", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package" : "qpid-proton-0:0.16.0-14.el6sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 6.4.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package" : "qpid-proton-0:0.16.0-14.el6sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 6.5.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package" : "qpid-proton-0:0.16.0-14.el6sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 6.6.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package" : "qpid-proton-0:0.16.0-14.el6sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 6.7.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package" : "qpid-proton-0:0.16.0-14.el6sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.2.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.2.E4S", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.2.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.3.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.3.E4S", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.3.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.4.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.4.E4S", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.4.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.5.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.6.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.6.E4S", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.3 for RHEL 7.6.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2781", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 5.9.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el5", "package" : "qpid-proton-0:0.9-22.el5" }, { "product_name" : "Satellite Tools 6.4 for RHEL 5.ELS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el5", "package" : "qpid-proton-0:0.9-22.el5" }, { "product_name" : "Satellite Tools 6.4 for RHEL 6", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el6", "package" : "qpid-proton-0:0.16.0-14.el6sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 6.7.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el6", "package" : "qpid-proton-0:0.16.0-14.el6sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.2.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.2.E4S", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.2.TUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.3.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.3.E4S", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.3.TUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.4.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.4.E4S", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.4.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.4.TUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.5.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.6.AUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.6.E4S", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.6.EUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.4 for RHEL 7.6.TUS", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2782", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package" : "qpid-proton-0:0.16.0-14.el7sat" }, { "product_name" : "Satellite Tools 6.5 for RHEL 5.9.AUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package" : "qpid-proton-0:0.9-22.el5" }, { "product_name" : "Satellite Tools 6.5 for RHEL 5.ELS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package" : "qpid-proton-0:0.9-22.el5" }, { "product_name" : "Satellite Tools 6.5 for RHEL 6", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el6", "package" : "qpid-proton-0:0.16.0-14.el6sat" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.2.AUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.2.E4S", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.2.TUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.3.AUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.3.E4S", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.3.TUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.4.AUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.4.E4S", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.4.EUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.4.TUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.5.EUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.6.AUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.6.E4S", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.6.EUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 7.6.TUS", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package" : "qpid-proton-0:0.28.0-1.el7" }, { "product_name" : "Satellite Tools 6.5 for RHEL 8", "release_date" : "2019-09-17T00:00:00Z", "advisory" : "RHSA-2019:2780", "cpe" : "cpe:/a:redhat:rhel_satellite_tools:6.5::el8", "package" : "qpid-proton-0:0.28.0-1.el8" } ], "package_state" : [ { "product_name" : "A-MQ Interconnect 1", "fix_state" : "Affected", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:amq_interconnect:1", "impact" : "moderate" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Not affected", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:amq_broker:7", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise MRG 3", "fix_state" : "Will not fix", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:enterprise_mrg:3", "impact" : "moderate" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "proton-j", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "impact" : "moderate" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "proton-j", "cpe" : "cpe:/a:redhat:jboss_amq:6", "impact" : "moderate" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "proton-j", "cpe" : "cpe:/a:redhat:jboss_fuse:6", "impact" : "moderate" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Affected", "package_name" : "proton-j", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "impact" : "moderate" }, { "product_name" : "Red Hat OpenStack Platform 8 (Liberty)", "fix_state" : "Will not fix", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:openstack:8", "impact" : "moderate" }, { "product_name" : "Red Hat Update Infrastructure 3 for Cloud Providers", "fix_state" : "Will not fix", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:rhui:3" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Not affected", "package_name" : "redhat-virtualization-host", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4", "impact" : "moderate" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-0223\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0223\nhttps://qpid.apache.org/cves/CVE-2019-0223.html" ], "name" : "CVE-2019-0223", "mitigation" : { "value" : "This attack will not work if client-certificate authentication is in place because anonymous ciphers would not then be available.\nAnother possible mitigation is to disable anonymous ciphers on clients.", "lang" : "en:us" }, "csaw" : false }